New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
merkle_block: add resource limit check during deserialization #2607
merkle_block: add resource limit check during deserialization #2607
Conversation
I don't think this method is used except by applications implementing the p2p protocol (and I am not aware of any, at least not major ones) so I don't believe we need to bend over backward to contact or patch anybody. But we should backport to all version back to 0.28 which is the oldest version I think is in wide use. |
Pull Request Test Coverage Report for Build 8318744357Details
💛 - Coveralls |
Fuzzed deserialization of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK f1dcfab
Super cool to see this fixed.
Fuzzing has passed for 14.5 hours now (on a 32-core machine). |
Does that make it well and truly fu**ed? |
It means that the fix works. (Though we may want to tighten it; I think |
Ugh, sorry man - that was a joke (I literally had "(joke)" after it at first and removed it. fuzzed == fu**ed and the other interpretation. Too smart for my own good :) |
Oh, lol :) I missed the pun. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK f1dcfab
…ation 866781d merkle_block: add resource limit check during deserialization (Andrew Poelstra) Pull request description: Backport of #2607 to 0.31.x. ACKs for top commit: tcharding: ACK 866781d sanket1729: ACK 866781d Tree-SHA512: 19cd2ecf75e4cfedb8abded43571cf1fe14512807a0e5fd9925ebbc932d5208a27f72a4c450a864f4ab9d6aca89bb4062678e1516f523cb5298e4ee44cd792f4
Fixes #2606