oxen-io/oxen-core
2
1
Fork 0
mirror of https://github.com/oxen-io/oxen-core.git synced 2023-12-14 02:22:56 +01:00
Code Issues Projects Releases Wiki Activity

Fix Monero P2P remote DOS

Browse source 
Monero serialization reserves memory before validating the size of the
incoming data, thus allowing a remote node to send malicious data that
causes the local node to run itself out of memory.

This fixes it by limiting the amount of memory we'll reserve in advance
to a sane amount.
This commit is contained in:
Jason Rhinelander 2020-12-31 12:04:21 -04:00
parent 25589b0e8a
commit bf426b9d00
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
contrib/epee/include/epee/storages/portable_storage_from_bin.h
View file

@ -129,8 +129,8 @@ namespace epee
CHECK_AND_ASSERT_THROW_MES(size <= m_count, "Size sanity check failed");
storage_entry se{std::in_place_type<array_entry>, std::in_place_type<array_t<T>>};
auto& arr = var::get<array_t<T>>(var::get<array_entry>(se));
if constexpr (!std::is_same_v<T, bool>) // bool uses a std::deque instead of vector because
arr.reserve(size); // std::vector<bool> is broken by design
if constexpr (!std::is_same_v<T, bool>) // bool uses a std::deque, which isn't reserveable
arr.reserve(std::min<size_t>(size, 4096));
while(size--)
read(arr.emplace_back());