diff options
| author | MarcoFalke <falke.marco@gmail.com> | 2021-07-19 14:25:46 +0200 |
|---|---|---|
| committer | MarcoFalke <falke.marco@gmail.com> | 2021-07-19 14:25:53 +0200 |
| commit | 54e31742d208eb98ce706aaa6bbd4b023f42c3a5 (patch) | |
| tree | 1be1ba8a17f0e50dd727ad2cd6ba9e097c4fc3ad /src | |
| parent | d3474b8df2f973e9b9142c0b64505a8a78bcb292 (diff) | |
| parent | 816f29eab296ebec2da8f8606ad618609e3ba228 (diff) | |
Merge bitcoin/bitcoin#22455: addrman: detect on-disk corrupted nNew and nTried during unserialization
816f29eab296ebec2da8f8606ad618609e3ba228 addrman: detect on-disk corrupted nNew and nTried during unserialization (Vasil Dimov)
Pull request description:
Negative `nNew` or `nTried` are not possible during normal operation.
So, if we read such values during unserialize, report addrman
corruption.
Fixes https://github.com/bitcoin/bitcoin/issues/22450
ACKs for top commit:
MarcoFalke:
cr ACK 816f29eab296ebec2da8f8606ad618609e3ba228
jonatack:
ACK 816f29eab296ebec2da8f8606ad618609e3ba228
lsilva01:
Code Review ACK https://github.com/bitcoin/bitcoin/pull/22455/commits/816f29eab296ebec2da8f8606ad618609e3ba228. This change provides a more accurate description of the error.
Tree-SHA512: 01bdd72d2d86a0ef770a319fee995fd1e147b24a8db84ddb8cd121688e7f94fed73fddc0084758e7183c4f8d08e971f0b1b224f5adb10928a5aa4dbbc8709d74
Diffstat (limited to 'src')
| -rw-r--r-- | src/addrman.h | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/addrman.h b/src/addrman.h index 2a5c6c06b4..5de90653c1 100644 --- a/src/addrman.h +++ b/src/addrman.h @@ -334,12 +334,18 @@ public: nUBuckets ^= (1 << 30); } - if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) { - throw std::ios_base::failure("Corrupt CAddrMan serialization, nNew exceeds limit."); + if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nNew < 0) { + throw std::ios_base::failure( + strprintf("Corrupt CAddrMan serialization: nNew=%d, should be in [0, %u]", + nNew, + ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE)); } - if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) { - throw std::ios_base::failure("Corrupt CAddrMan serialization, nTried exceeds limit."); + if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nTried < 0) { + throw std::ios_base::failure( + strprintf("Corrupt CAddrMan serialization: nTried=%d, should be in [0, %u]", + nTried, + ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE)); } // Deserialize entries from the new table. |