Input values are not sanitized after they are deserialized, making it far too easy for Leo to earn SOL (#9706)

* sanitize gossip protocol messages * sanitize transactions * crds protocol sanitize
2020-04-27 11:06:00 -07:00
parent c372a39dd3
commit 8ef097bf6f
13 changed files with 333 additions and 31 deletions
--- a/runtime/src/bloom.rs
+++ b/runtime/src/bloom.rs
@@ -19,6 +19,8 @@ pub struct Bloom<T: BloomHashIndex> {
    _phantom: PhantomData<T>,
 }

+impl<T: BloomHashIndex> solana_sdk::sanitize::Sanitize for Bloom<T> {}
+
 impl<T: BloomHashIndex> Bloom<T> {
    pub fn new(num_bits: usize, keys: Vec<u64>) -> Self {
        let bits = BitVec::new_fill(false, num_bits as u64);