diff options
author | Pieter Wuille <pieter.wuille@gmail.com> | 2016-04-24 16:21:44 +0200 |
---|---|---|
committer | Pieter Wuille <pieter.wuille@gmail.com> | 2016-04-25 14:42:07 +0200 |
commit | 5d0434d13d0145a110c0c93e59edfd7d062f8531 (patch) | |
tree | 7a6629f4f661d2b52b8d5b2304cf42e673caf7e8 | |
parent | 4bf631e5e48cd4c14c825cdaf7a1bee81e15493d (diff) |
Fix OOM bug: UTXO entries with invalid script length
-rw-r--r-- | src/compressor.h | 10 | ||||
-rw-r--r-- | src/streams.h | 14 |
2 files changed, 22 insertions, 2 deletions
diff --git a/src/compressor.h b/src/compressor.h index 4a72090830..fa702f0dfa 100644 --- a/src/compressor.h +++ b/src/compressor.h @@ -86,8 +86,14 @@ public: return; } nSize -= nSpecialScripts; - script.resize(nSize); - s >> REF(CFlatData(script)); + if (nSize > MAX_SCRIPT_SIZE) { + // Overly long script, replace with a short invalid one + script << OP_RETURN; + s.ignore(nSize); + } else { + script.resize(nSize); + s >> REF(CFlatData(script)); + } } }; diff --git a/src/streams.h b/src/streams.h index a50fe4e859..ed14f3f412 100644 --- a/src/streams.h +++ b/src/streams.h @@ -406,6 +406,20 @@ public: return (*this); } + CAutoFile& ignore(size_t nSize) + { + if (!file) + throw std::ios_base::failure("CAutoFile::ignore: file handle is NULL"); + unsigned char data[4096]; + while (nSize > 0) { + size_t nNow = std::min<size_t>(nSize, sizeof(data)); + if (fread(data, 1, nNow, file) != nNow) + throw std::ios_base::failure(feof(file) ? "CAutoFile::ignore: end of file" : "CAutoFile::read: fread failed"); + nSize -= nNow; + } + return (*this); + } + CAutoFile& write(const char* pch, size_t nSize) { if (!file) |