aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVasil Dimov <vd@FreeBSD.org>2021-07-15 13:04:26 +0200
committerVasil Dimov <vd@FreeBSD.org>2021-07-15 13:40:29 +0200
commit816f29eab296ebec2da8f8606ad618609e3ba228 (patch)
treea7d1cbbcb2d0367cda46bccefaf38e76ffe0882f
parent97153a702600430bdaf6af4f6f4eb8593e32819f (diff)
downloadbitcoin-816f29eab296ebec2da8f8606ad618609e3ba228.tar.xz
addrman: detect on-disk corrupted nNew and nTried during unserialization
Negative `nNew` or `nTried` are not possible during normal operation. So, if we read such values during unserialize, report addrman corruption. Fixes https://github.com/bitcoin/bitcoin/issues/22450
Diffstat
-rw-r--r--src/addrman.h14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/addrman.h b/src/addrman.h
index 2a5c6c06b4..5de90653c1 100644
--- a/src/addrman.h
+++ b/src/addrman.h
@@ -334,12 +334,18 @@ public:
nUBuckets ^= (1 << 30);
}
- if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) {
- throw std::ios_base::failure("Corrupt CAddrMan serialization, nNew exceeds limit.");
+ if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nNew < 0) {
+ throw std::ios_base::failure(
+ strprintf("Corrupt CAddrMan serialization: nNew=%d, should be in [0, %u]",
+ nNew,
+ ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE));
}
- if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) {
- throw std::ios_base::failure("Corrupt CAddrMan serialization, nTried exceeds limit.");
+ if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nTried < 0) {
+ throw std::ios_base::failure(
+ strprintf("Corrupt CAddrMan serialization: nTried=%d, should be in [0, %u]",
+ nTried,
+ ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE));
}
// Deserialize entries from the new table.
generated by cgit v1.2.3 (git 2.26.2) at 2024-07-01 07:12:48 +0000