Merge rust-bitcoin/rust-bitcoin#2607: merkle_block: add resource limit check during deserialization

f1dcfab293 merkle_block: add resource limit check during deserialization (Andrew Poelstra)

Pull request description:

  Fixes #2606

ACKs for top commit:
  tcharding:
    ACK f1dcfab293
  sanket1729:
    ACK f1dcfab293

Tree-SHA512: f0ab0f7a7bd7f38741149263a2c321b0ec9f09d299be96c5174c4e21edd383fc2824574a790331769dee1f06e3ad1dd53601921eb82038e08235b797d68a37fd
This commit is contained in:
Andrew Poelstra 2024-03-19 15:13:39 +00:00
commit 002590be70
No known key found for this signature in database
GPG Key ID: C588D63CE41B97C1
1 changed files with 21 additions and 1 deletions

View File

@ -47,7 +47,7 @@ use self::MerkleBlockError::*;
use crate::blockdata::block::{self, Block, TxMerkleNode}; use crate::blockdata::block::{self, Block, TxMerkleNode};
use crate::blockdata::transaction::{Transaction, Txid}; use crate::blockdata::transaction::{Transaction, Txid};
use crate::blockdata::weight::Weight; use crate::blockdata::weight::Weight;
use crate::consensus::encode::{self, Decodable, Encodable}; use crate::consensus::encode::{self, Decodable, Encodable, MAX_VEC_SIZE};
use crate::prelude::*; use crate::prelude::*;
/// Data structure that represents a block header paired to a partial merkle tree. /// Data structure that represents a block header paired to a partial merkle tree.
@ -459,6 +459,12 @@ impl Decodable for PartialMerkleTree {
let hashes: Vec<TxMerkleNode> = Decodable::consensus_decode(r)?; let hashes: Vec<TxMerkleNode> = Decodable::consensus_decode(r)?;
let nb_bytes_for_bits = encode::VarInt::consensus_decode(r)?.0 as usize; let nb_bytes_for_bits = encode::VarInt::consensus_decode(r)?.0 as usize;
if nb_bytes_for_bits > MAX_VEC_SIZE {
return Err(encode::Error::OversizedVectorAllocation {
requested: nb_bytes_for_bits,
max: MAX_VEC_SIZE,
});
}
let mut bits = vec![false; nb_bytes_for_bits * 8]; let mut bits = vec![false; nb_bytes_for_bits * 8];
for chunk in bits.chunks_mut(8) { for chunk in bits.chunks_mut(8) {
let byte = u8::consensus_decode(r)?; let byte = u8::consensus_decode(r)?;
@ -816,4 +822,18 @@ mod tests {
tree_width_20, 7, 2, 2; tree_width_20, 7, 2, 2;
tree_width_21, 7, 3, 1; tree_width_21, 7, 3, 1;
} }
#[test]
fn regression_2606() {
// Attempt
let bytes = hex!(
"000006000000000000000004ee00000004c7f1ccb1000000ffff000000010000\
0000ffffffffff1f000000000400000000000002000000000500000000000000\
000000000300000000000003000000000200000000ff00000000c7f1ccb10407\
00000000000000ccb100c76538b100000004bfa9c251681b1b00040000000025\
00000004bfaac251681b1b25\
");
let deser = crate::consensus::deserialize::<MerkleBlock>(&bytes);
assert!(deser.is_err());
}
} }