gaspersic/go-ethereum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

eth, les: add sanity checks for unbounded block fields (#19573)

Browse Source 
This PR adds some hardening in the lower levels of the protocol stack, to bail early on invalid data. Primarily, attacks that this PR protects against are on the "annoyance"-level, which would otherwise write a couple of megabytes of data into the log output, which is a bit resource intensive.
This commit is contained in:
Martin Holst Swende
2019-07-08 11:42:22 +02:00
committed by Felix Lange
parent 5bc9ccfa0a
commit cdfe9a3a2a
6 changed files with 57 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
les/handler.go
View File

@@ -442,7 +442,9 @@ func (pm *ProtocolManager) handleMsg(p *peer) error {
if err := msg.Decode(&req); err != nil {
return errResp(ErrDecode, "%v: %v", msg, err)
}
if err := req.sanityCheck(); err != nil {
return err
}
update, size := req.Update.decode()
if p.rejectUpdate(size) {
return errResp(ErrRequestRejected, "")