Merge rust-bitcoin/rust-bitcoin#2607: merkle_block: add resource limit check during deserialization
f1dcfab293
merkle_block: add resource limit check during deserialization (Andrew Poelstra) Pull request description: Fixes #2606 ACKs for top commit: tcharding: ACKf1dcfab293
sanket1729: ACKf1dcfab293
Tree-SHA512: f0ab0f7a7bd7f38741149263a2c321b0ec9f09d299be96c5174c4e21edd383fc2824574a790331769dee1f06e3ad1dd53601921eb82038e08235b797d68a37fd
This commit is contained in:
commit
002590be70
|
@ -47,7 +47,7 @@ use self::MerkleBlockError::*;
|
||||||
use crate::blockdata::block::{self, Block, TxMerkleNode};
|
use crate::blockdata::block::{self, Block, TxMerkleNode};
|
||||||
use crate::blockdata::transaction::{Transaction, Txid};
|
use crate::blockdata::transaction::{Transaction, Txid};
|
||||||
use crate::blockdata::weight::Weight;
|
use crate::blockdata::weight::Weight;
|
||||||
use crate::consensus::encode::{self, Decodable, Encodable};
|
use crate::consensus::encode::{self, Decodable, Encodable, MAX_VEC_SIZE};
|
||||||
use crate::prelude::*;
|
use crate::prelude::*;
|
||||||
|
|
||||||
/// Data structure that represents a block header paired to a partial merkle tree.
|
/// Data structure that represents a block header paired to a partial merkle tree.
|
||||||
|
@ -459,6 +459,12 @@ impl Decodable for PartialMerkleTree {
|
||||||
let hashes: Vec<TxMerkleNode> = Decodable::consensus_decode(r)?;
|
let hashes: Vec<TxMerkleNode> = Decodable::consensus_decode(r)?;
|
||||||
|
|
||||||
let nb_bytes_for_bits = encode::VarInt::consensus_decode(r)?.0 as usize;
|
let nb_bytes_for_bits = encode::VarInt::consensus_decode(r)?.0 as usize;
|
||||||
|
if nb_bytes_for_bits > MAX_VEC_SIZE {
|
||||||
|
return Err(encode::Error::OversizedVectorAllocation {
|
||||||
|
requested: nb_bytes_for_bits,
|
||||||
|
max: MAX_VEC_SIZE,
|
||||||
|
});
|
||||||
|
}
|
||||||
let mut bits = vec![false; nb_bytes_for_bits * 8];
|
let mut bits = vec![false; nb_bytes_for_bits * 8];
|
||||||
for chunk in bits.chunks_mut(8) {
|
for chunk in bits.chunks_mut(8) {
|
||||||
let byte = u8::consensus_decode(r)?;
|
let byte = u8::consensus_decode(r)?;
|
||||||
|
@ -816,4 +822,18 @@ mod tests {
|
||||||
tree_width_20, 7, 2, 2;
|
tree_width_20, 7, 2, 2;
|
||||||
tree_width_21, 7, 3, 1;
|
tree_width_21, 7, 3, 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn regression_2606() {
|
||||||
|
// Attempt
|
||||||
|
let bytes = hex!(
|
||||||
|
"000006000000000000000004ee00000004c7f1ccb1000000ffff000000010000\
|
||||||
|
0000ffffffffff1f000000000400000000000002000000000500000000000000\
|
||||||
|
000000000300000000000003000000000200000000ff00000000c7f1ccb10407\
|
||||||
|
00000000000000ccb100c76538b100000004bfa9c251681b1b00040000000025\
|
||||||
|
00000004bfaac251681b1b25\
|
||||||
|
");
|
||||||
|
let deser = crate::consensus::deserialize::<MerkleBlock>(&bytes);
|
||||||
|
assert!(deser.is_err());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue