neobytes-project/neobytes
neobytes-project/neobytes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Truncate oversize 'tx' messages before relaying/storing.

Browse Source 
Fixes a memory exhaustion attack on low-memory peers.
This commit is contained in:
Peter Todd 2013-06-25 09:57:59 -04:00 committed by Gavin Andresen
parent 2e01ec3207
commit c40a5aaaf4
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/main.cpp
View File

@ -3567,6 +3567,16 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
CInv inv(MSG_TX, tx.GetHash()); CInv inv(MSG_TX, tx.GetHash());
pfrom->AddInventoryKnown(inv); pfrom->AddInventoryKnown(inv);
// Truncate messages to the size of the tx in them
unsigned int nSize = ::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION);
unsigned int oldSize = vMsg.size();
if (nSize < oldSize) {
vMsg.resize(nSize);
printf("truncating oversized TX %s (%u -> %u)\n",
tx.GetHash().ToString().c_str(),
oldSize, nSize);
}
bool fMissingInputs = false; bool fMissingInputs = false;
CValidationState state; CValidationState state;
if (mempool.accept(state, tx, true, &fMissingInputs)) if (mempool.accept(state, tx, true, &fMissingInputs))