diff options
| author | Peter Todd <pete@petertodd.org> | 2013-06-25 09:57:59 -0400 |
|---|---|---|
| committer | Gavin Andresen <gavinandresen@gmail.com> | 2013-06-25 09:59:31 -0400 |
| commit | 7cc960f8f57e7fe90ee7aa0ccd3e3c6c89ec5a25 (patch) | |
| tree | 5e48c278206e93cab621cefb69863e166e8a2f49 /src | |
| parent | 09e437ba4e5cb7fcc53020c1ceb2451e0ff1606b (diff) | |
Truncate oversize 'tx' messages before relaying/storing.
Fixes a memory exhaustion attack on low-memory peers.
Diffstat (limited to 'src')
| -rw-r--r-- | src/main.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp index b7efac53b1..226d32295d 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -3508,6 +3508,16 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv) CInv inv(MSG_TX, tx.GetHash()); pfrom->AddInventoryKnown(inv); + // Truncate messages to the size of the tx in them + unsigned int nSize = ::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION); + unsigned int oldSize = vMsg.size(); + if (nSize < oldSize) { + vMsg.resize(nSize); + printf("truncating oversized TX %s (%u -> %u)\n", + tx.GetHash().ToString().c_str(), + oldSize, nSize); + } + bool fMissingInputs = false; CValidationState state; if (tx.AcceptToMemoryPool(state, true, true, &fMissingInputs)) |