Retropex/bitcoin
1
0
Fork 0
mirror of https://github.com/Retropex/bitcoin.git synced 2025-05-28 21:12:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

doc: net: mention past vulnerability as rationale to limit incoming message size

Browse Source
This commit is contained in:
Antoine Poinsot 2024-07-28 10:54:38 +02:00
parent 4489117c3f
commit ad616b6c01
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/net.cpp
View File

@ -761,6 +761,8 @@ int V1Transport::readHeader(Span<const uint8_t> msg_bytes)
}
// reject messages larger than MAX_SIZE or MAX_PROTOCOL_MESSAGE_LENGTH
// NOTE: failing to perform this check previously allowed a malicious peer to make us allocate 32MiB of memory per
// connection. See https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom.
if (hdr.nMessageSize > MAX_SIZE || hdr.nMessageSize > MAX_PROTOCOL_MESSAGE_LENGTH) {
LogDebug(BCLog::NET, "Header error: Size too large (%s, %u bytes), peer=%d\n", SanitizeString(hdr.GetMessageType()), hdr.nMessageSize, m_node_id);
return -1;