author | Peter Todd <pete@petertodd.org> | 2013-06-25 09:57:59 -0400 |
---|---|---|
committer | Gavin Andresen <gavinandresen@gmail.com> | 2013-06-25 10:37:50 -0400 |
commit | c40a5aaaf484855a4350fd702e8e72fd21a68155 (patch) | |
tree | 653e23b60e0891892092bcb6638a0caf44230bb0 | |
parent | 2e01ec3207302527737f93f866c803d03200f2c0 (diff) |
Truncate oversize 'tx' messages before relaying/storing.
Fixes a memory exhaustion attack on low-memory peers.
-rw-r--r-- | src/main.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp
index da928a4b90..f3ce436606 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3567,6 +3567,16 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
 CInv inv(MSG_TX, tx.GetHash());
 pfrom->AddInventoryKnown(inv);
 
+ // Truncate messages to the size of the tx in them
+ unsigned int nSize = ::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION);
+ unsigned int oldSize = vMsg.size();
+ if (nSize < oldSize) {
+ vMsg.resize(nSize);
+ printf("truncating oversized TX %s (%u -> %u)\n",
+ tx.GetHash().ToString().c_str(),
+ oldSize, nSize);
+ }
+
 bool fMissingInputs = false;
 CValidationState state;
 if (mempool.accept(state, tx, true, &fMissingInputs)) |
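Review bot: The `if (nSize < oldSize)` branch runs once for every padded 'tx' message a peer sends, and each time it writes an unthrottled `printf` line and then processes the transaction as normal. Nothing in the hunk penalises the sender, so a peer can still drive log growth and repeated resize work at no cost to itself. Consider rate-limiting that log line and feeding the event into whatever misbehaviour scoring the node applies to peers. The truncation is only correct if `vMsg` holds exactly the bytes `tx` was deserialized from, starting at offset 0; `vMsg` is defined outside the hunk and ProcessMessage continues past it, so that should be confirmed and stated in the comment, e.g. `// vMsg is a copy of the raw message taken before deserializing tx; drop peer-appended bytes past the tx so they are not relayed or stored`. `vMsg.size()` is also narrowed into `unsigned int`, which is presumably safe only because message length is capped elsewhere.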