From 307bd8f5ae9dd4b5004d13faf1cdeb556c8fb27f Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Fri, 8 Mar 2019 12:02:21 +0000 Subject: [PATCH] epee: basic sanity check on allocation size from untrusted source Reported by guidov --- contrib/epee/include/storages/portable_storage_from_bin.h | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/epee/include/storages/portable_storage_from_bin.h b/contrib/epee/include/storages/portable_storage_from_bin.h index 2884f8c5e..e0a32b3ca 100644 --- a/contrib/epee/include/storages/portable_storage_from_bin.h +++ b/contrib/epee/include/storages/portable_storage_from_bin.h @@ -136,6 +136,7 @@ namespace epee //for pod types array_entry_t sa; size_t size = read_varint(); + CHECK_AND_ASSERT_THROW_MES(size <= m_count, "Size sanity check failed"); sa.reserve(size); //TODO: add some optimization here later while(size--)