Limit deserialization of data coming off the wire (#6751)

* Limit deserialization of data coming off the wire * Feedback and cleanup
2019-11-06 00:07:57 -08:00
parent 8e3be6413e
commit 9614d17024
9 changed files with 49 additions and 28 deletions
--- a/core/src/sigverify_shreds.rs
+++ b/core/src/sigverify_shreds.rs
@@ -1,8 +1,7 @@
 #![allow(clippy::implicit_hasher)]
-use crate::packet::{Packet, Packets};
+use crate::packet::{limited_deserialize, Packet, Packets};
 use crate::sigverify::{self, TxOffset};
 use crate::sigverify_stage::SigVerifier;
-use bincode::deserialize;
 use rayon::iter::IndexedParallelIterator;
 use rayon::iter::IntoParallelIterator;
 use rayon::iter::IntoParallelRefMutIterator;
@@ -57,7 +56,8 @@ impl ShredSigVerifier {
                    let slot_end = slot_start + size_of::<u64>();
                    trace!("slot {} {}", slot_start, slot_end,);
                    if slot_end <= packet.meta.size {
-                        let slot: u64 = deserialize(&packet.data[slot_start..slot_end]).ok()?;
+                        let slot: u64 =
+                            limited_deserialize(&packet.data[slot_start..slot_end]).ok()?;
                        Some(slot)
                    } else {
                        None
@@ -120,7 +120,7 @@ fn verify_shred_cpu(packet: &Packet, slot_leaders: &HashMap<u64, [u8; 32]>) -> O
    if packet.meta.size < slot_end {
        return Some(0);
    }
-    let slot: u64 = deserialize(&packet.data[slot_start..slot_end]).ok()?;
+    let slot: u64 = limited_deserialize(&packet.data[slot_start..slot_end]).ok()?;
    trace!("slot {}", slot);
    let pubkey = slot_leaders.get(&slot)?;
    if packet.meta.size < sig_end {
@@ -180,7 +180,7 @@ fn slot_key_data_for_gpu<
                                return std::u64::MAX;
                            }
                            let slot: Option<u64> =
-                                deserialize(&packet.data[slot_start..slot_end]).ok();
+                                limited_deserialize(&packet.data[slot_start..slot_end]).ok();
                            match slot {
                                Some(slot) if slot_keys.get(&slot).is_some() => slot,
                                _ => std::u64::MAX,
@@ -379,7 +379,7 @@ fn sign_shred_cpu(
        "packet is not large enough for a slot"
    );
    let slot: u64 =
-        deserialize(&packet.data[slot_start..slot_end]).expect("can't deserialize slot");
+        limited_deserialize(&packet.data[slot_start..slot_end]).expect("can't deserialize slot");
    trace!("slot {}", slot);
    let pubkey = slot_leaders_pubkeys
        .get(&slot)