cryptonote_protocol_handler: prevent potential DoS
Essentially, one can send such a large amount of IDs that core exhausts all free memory. This issue can theoretically be exploited using very large CN blockchains, such as Monero. This is a partial fix. Thanks and credit given to CryptoNote author 'cryptozoidberg' for collaboration and the fix. Also thanks to 'moneromooo'. Referencing HackerOne report #506595.
This commit is contained in:
parent
b873b69ded
commit
3c953d5369
|
@ -52,6 +52,7 @@ PUSH_WARNINGS
|
||||||
DISABLE_VS_WARNINGS(4355)
|
DISABLE_VS_WARNINGS(4355)
|
||||||
|
|
||||||
#define LOCALHOST_INT 2130706433
|
#define LOCALHOST_INT 2130706433
|
||||||
|
#define CURRENCY_PROTOCOL_MAX_BLOCKS_REQUEST_COUNT 500
|
||||||
|
|
||||||
namespace cryptonote
|
namespace cryptonote
|
||||||
{
|
{
|
||||||
|
|
|
@ -914,6 +914,17 @@ namespace cryptonote
|
||||||
int t_cryptonote_protocol_handler<t_core>::handle_request_get_objects(int command, NOTIFY_REQUEST_GET_OBJECTS::request& arg, cryptonote_connection_context& context)
|
int t_cryptonote_protocol_handler<t_core>::handle_request_get_objects(int command, NOTIFY_REQUEST_GET_OBJECTS::request& arg, cryptonote_connection_context& context)
|
||||||
{
|
{
|
||||||
MLOG_P2P_MESSAGE("Received NOTIFY_REQUEST_GET_OBJECTS (" << arg.blocks.size() << " blocks, " << arg.txs.size() << " txes)");
|
MLOG_P2P_MESSAGE("Received NOTIFY_REQUEST_GET_OBJECTS (" << arg.blocks.size() << " blocks, " << arg.txs.size() << " txes)");
|
||||||
|
|
||||||
|
if (arg.blocks.size() > CURRENCY_PROTOCOL_MAX_BLOCKS_REQUEST_COUNT)
|
||||||
|
{
|
||||||
|
LOG_ERROR_CCONTEXT(
|
||||||
|
"Requested objects count is too big ("
|
||||||
|
<< arg.blocks.size() << ") expected not more then "
|
||||||
|
<< CURRENCY_PROTOCOL_MAX_BLOCKS_REQUEST_COUNT);
|
||||||
|
drop_connection(context, false, false);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
NOTIFY_RESPONSE_GET_OBJECTS::request rsp;
|
NOTIFY_RESPONSE_GET_OBJECTS::request rsp;
|
||||||
if(!m_core.handle_get_objects(arg, rsp, context))
|
if(!m_core.handle_get_objects(arg, rsp, context))
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue