aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2014-08-18 09:47:06 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2014-08-18 09:55:24 +0200
commit21e7a5690f77eb2ac04befe07008367cdf142905 (patch)
tree0d57b9b95c7630319ce4d8700e4b2e424f4a81bb /src
parente2e73e5d8f5d0622711f5367c4f06f5dddc12523 (diff)
parent216e9a4456207f5ae9cd85926521851e11a26d92 (diff)
Merge pull request #4655
216e9a4 Add a way to limit deserialized string lengths (Pieter Wuille)
Diffstat (limited to 'src')
-rw-r--r--src/alert.h6
-rw-r--r--src/main.cpp9
-rw-r--r--src/serialize.h39
-rw-r--r--src/wallet.h6
4 files changed, 46 insertions, 14 deletions
diff --git a/src/alert.h b/src/alert.h
index da140be5e5..296d48891a 100644
--- a/src/alert.h
+++ b/src/alert.h
@@ -60,9 +60,9 @@ public:
READWRITE(setSubVer);
READWRITE(nPriority);
- READWRITE(strComment);
- READWRITE(strStatusBar);
- READWRITE(strReserved);
+ READWRITE(LIMITED_STRING(strComment, 65536));
+ READWRITE(LIMITED_STRING(strStatusBar, 256));
+ READWRITE(LIMITED_STRING(strReserved, 256));
)
void SetNull();
diff --git a/src/main.cpp b/src/main.cpp
index e135e93adb..09b10c8e55 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3568,7 +3568,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
if (!vRecv.empty())
vRecv >> addrFrom >> nNonce;
if (!vRecv.empty()) {
- vRecv >> pfrom->strSubVer;
+ vRecv >> LIMITED_STRING(pfrom->strSubVer, 256);
pfrom->cleanSubVer = SanitizeString(pfrom->strSubVer);
}
if (!vRecv.empty())
@@ -4192,7 +4192,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
if (fDebug)
{
string strMsg; unsigned char ccode; string strReason;
- vRecv >> strMsg >> ccode >> strReason;
+ vRecv >> LIMITED_STRING(strMsg, CMessageHeader::COMMAND_SIZE) >> ccode >> LIMITED_STRING(strReason, 111);
ostringstream ss;
ss << strMsg << " code " << itostr(ccode) << ": " << strReason;
@@ -4203,10 +4203,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
vRecv >> hash;
ss << ": hash " << hash.ToString();
}
- // Truncate to reasonable length and sanitize before printing:
- string s = ss.str();
- if (s.size() > 111) s.erase(111, string::npos);
- LogPrint("net", "Reject %s\n", SanitizeString(s));
+ LogPrint("net", "Reject %s\n", SanitizeString(ss.str()));
}
}
diff --git a/src/serialize.h b/src/serialize.h
index f876efd9b5..2eb69b3ec0 100644
--- a/src/serialize.h
+++ b/src/serialize.h
@@ -334,8 +334,9 @@ I ReadVarInt(Stream& is)
}
}
-#define FLATDATA(obj) REF(CFlatData((char*)&(obj), (char*)&(obj) + sizeof(obj)))
-#define VARINT(obj) REF(WrapVarInt(REF(obj)))
+#define FLATDATA(obj) REF(CFlatData((char*)&(obj), (char*)&(obj) + sizeof(obj)))
+#define VARINT(obj) REF(WrapVarInt(REF(obj)))
+#define LIMITED_STRING(obj,n) REF(LimitedString< n >(REF(obj)))
/** Wrapper for serializing arrays and POD.
*/
@@ -398,6 +399,40 @@ public:
}
};
+template<size_t Limit>
+class LimitedString
+{
+protected:
+ std::string& string;
+public:
+ LimitedString(std::string& string) : string(string) {}
+
+ template<typename Stream>
+ void Unserialize(Stream& s, int, int=0)
+ {
+ size_t size = ReadCompactSize(s);
+ if (size > Limit) {
+ throw std::ios_base::failure("String length limit exceeded");
+ }
+ string.resize(size);
+ if (size != 0)
+ s.read((char*)&string[0], size);
+ }
+
+ template<typename Stream>
+ void Serialize(Stream& s, int, int=0) const
+ {
+ WriteCompactSize(s, string.size());
+ if (!string.empty())
+ s.write((char*)&string[0], string.size());
+ }
+
+ unsigned int GetSerializeSize(int, int=0) const
+ {
+ return GetSizeOfCompactSize(string.size()) + string.size();
+ }
+};
+
template<typename I>
CVarInt<I> WrapVarInt(I& n) { return CVarInt<I>(n); }
diff --git a/src/wallet.h b/src/wallet.h
index 73fcfa24e0..864a635ec7 100644
--- a/src/wallet.h
+++ b/src/wallet.h
@@ -858,7 +858,7 @@ public:
READWRITE(vchPrivKey);
READWRITE(nTimeCreated);
READWRITE(nTimeExpires);
- READWRITE(strComment);
+ READWRITE(LIMITED_STRING(strComment, 65536));
)
};
@@ -933,7 +933,7 @@ public:
// Note: strAccount is serialized as part of the key, not here.
READWRITE(nCreditDebit);
READWRITE(nTime);
- READWRITE(strOtherAccount);
+ READWRITE(LIMITED_STRING(strOtherAccount, 65536));
if (!fRead)
{
@@ -949,7 +949,7 @@ public:
}
}
- READWRITE(strComment);
+ READWRITE(LIMITED_STRING(strComment, 65536));
size_t nSepPos = strComment.find("\0", 0, 1);
if (fRead)