Commit graph

11 commits

Author SHA1 Message Date
Dave Collins
5cc32bbfc7 Add bounds checking to all variable length allocs.
Several of the bitcoin data structures contain variable length entries,
many of which have well-defined maximum limits.  However, there are still
a few cases, such as variable length strings and number of transactions
which don't have clearly defined maximum limits.  Instead they are only
limited by the maximum size of a message.

In order to efficiently decode messages, space is pre-allocated for the
slices which hold these variable length pieces as to avoid needing to
dynamically grow the backing arrays.  Due to this however, it was
previously possible to claim extremely high slice lengths which exceed
available memory (or maximum allowed slice lengths).

This commit imposes limits to all of these cases based on calculating
the maximum possible number of elements that could fit into a message
and using those as sane upper limits.

The variable length string case was found (and tests added to hit it) by
drahn@ which prompted an audit to find all cases.
2013-10-25 08:55:39 -05:00
Dave Collins
5f971e10e6 Pre-allocate space for slices.
Several of the messages store the parts that have a variable number of
elements as slices.  This commit modifies the code to choose sane defaults
for the backing arrays for the slices so when the entries are actually
appended, a lot of the overhead of growing the backing arrays and copying
the data multiple times is avoided.

Along the same lines, when decoding messages, the actual size is known and
now is pre-allocated instead of dynamically growing the backing array
thereby avoiding some overhead.
2013-09-25 14:38:28 -05:00
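As an added illustration of the two commits above (5f971e10e6 pre-allocating slice backing arrays from the decoded count, and 5cc32bbfc7 bounding that count by how many elements could actually fit in a message), the following is example code written for this page, not btcwire's own. It assumes a 32 MiB maximum message payload and a 36-byte inventory vector (4-byte type plus 32-byte hash); the names ReadVarInt, MaxCount, CheckedCount, DecodeInvList and ReadVarString, and the constructed inputs, are the example's own. The point it shows is that the bound must be applied before `make`, so a peer that claims 2^64-1 elements is rejected instead of triggering a huge allocation.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// MaxMessagePayload is the assumed upper bound on one message payload
// (32 MiB). Every variable-length structure is ultimately limited by it.
const MaxMessagePayload = 1024 * 1024 * 32

// ErrTooManyElements reports a claimed count that cannot fit in one message.
var ErrTooManyElements = errors.New("claimed element count exceeds message capacity")

// ReadVarInt decodes a bitcoin CompactSize prefix (1, 3, 5 or 9 bytes).
func ReadVarInt(r io.Reader) (uint64, error) {
	var b [8]byte
	if _, err := io.ReadFull(r, b[:1]); err != nil {
		return 0, err
	}
	var n int
	switch b[0] {
	case 0xff:
		n = 8
	case 0xfe:
		n = 4
	case 0xfd:
		n = 2
	default:
		return uint64(b[0]), nil
	}
	// b[:n] is overwritten with the value; the remaining bytes are still zero.
	if _, err := io.ReadFull(r, b[:n]); err != nil {
		return 0, err
	}
	return binary.LittleEndian.Uint64(b[:]), nil
}

// MaxCount is the largest number of elements of minimum serialized size
// elemSize that could possibly fit into one message payload. Capping by it
// means a peer can never make us allocate more than a message could carry.
func MaxCount(elemSize int) uint64 {
	return MaxMessagePayload / uint64(elemSize)
}

// CheckedCount reads a varint element count and rejects it, before any
// allocation, when it exceeds MaxCount(elemSize).
func CheckedCount(r io.Reader, elemSize int) (uint64, error) {
	count, err := ReadVarInt(r)
	if err != nil {
		return 0, err
	}
	if limit := MaxCount(elemSize); count > limit {
		return 0, fmt.Errorf("%w: %d > %d", ErrTooManyElements, count, limit)
	}
	return count, nil
}

// InvVect is a 36-byte inventory vector: 4-byte type plus 32-byte hash.
type InvVect struct {
	Type uint32
	Hash [32]byte
}

const invVectSize = 36

// DecodeInvList decodes a varint count followed by that many inventory
// vectors. Because the count is bounds-checked first, pre-allocating the
// backing array with make is safe even on hostile input.
func DecodeInvList(r io.Reader) ([]InvVect, error) {
	count, err := CheckedCount(r, invVectSize)
	if err != nil {
		return nil, err
	}
	list := make([]InvVect, 0, count) // count <= MaxCount(36), so this is bounded
	for i := uint64(0); i < count; i++ {
		var iv InvVect
		if err := binary.Read(r, binary.LittleEndian, &iv); err != nil {
			return nil, err
		}
		list = append(list, iv)
	}
	return list, nil
}

// ReadVarString decodes a varint length followed by that many bytes. A
// string element is one byte, so its cap is the message payload itself.
func ReadVarString(r io.Reader) (string, error) {
	n, err := CheckedCount(r, 1)
	if err != nil {
		return "", err
	}
	buf := make([]byte, n) // bounded by MaxMessagePayload
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err
	}
	return string(buf), nil
}

// Constructed inputs (not captured traffic): a valid two-element inv list
// and a payload claiming 2^64-1 elements that must be rejected up front.
var (
	GoodInv = append([]byte{0x02}, make([]byte, 2*invVectSize)...)
	EvilInv = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
)

func main() {
	list, err := DecodeInvList(bytes.NewReader(GoodInv))
	fmt.Println("good:", len(list), err)
	_, err = DecodeInvList(bytes.NewReader(EvilInv))
	fmt.Println("evil:", err)
}
```

The element size passed to CheckedCount is the minimum serialized size of one element, which is what makes the cap a true upper bound: for fixed-size elements it is exact, and for elements that are themselves variable length (transactions, strings) the smallest legal encoding is used, so the limit is generous but still far below anything that could exhaust memory.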
Dave Collins
b4b7204a97 Remove BtcDecodeTxLoc since it has been replaced.
BtcDecodeTxLoc is no longer needed since it has been replaced by
DeserializeTxLoc.
2013-08-05 19:18:45 -05:00
Dave Collins
d90740728e Remove protocol version param from BlockSha/Txsha.
Both of these depend on the serialized bytes which are dependent on the
version field in the block/transaction.  They must be independent of the
protocol version so there is no need to require it.
2013-08-05 18:08:57 -05:00
Dave Collins
088f3c923d Add Serialize/Deserialize for MsgBlock and MsgTx.
This commit introduces two new functions for MsgBlock and MsgTx named
Serialize and Deserialize.  The functions provide a stable mechanism for
serializing and deserializing blocks and transactions to and from disk
without having to worry about the protocol version.  Instead these
functions use the Version fields in the blocks and transactions.

These new functions differ from BtcEncode and BtcDecode in that the latter
functions are intended to encode/decode blocks and transaction from the
wire which technically can differ depending on the protocol version and
don't even really need to use the same format as the stored data.

Currently, there is no difference between the two, and due to how
intertwined they are in the reference implementation, they may not ever
diverge, but there is a difference and the goal for btcwire is to provide
a stable API that is flexible enough to deal with encoding changes.
2013-08-05 18:07:56 -05:00
Dave Collins
9989865fa2 Use correct max block payload size.
The maximum block payload size is actually 1000000 bytes, not 1MB.
2013-07-27 15:25:05 -05:00
Dave Collins
d54fba85b4 Export the MaxBlockPayload constant.
Although you can technically get at this value via the MaxPayloadLength
function on a block, it is less overhead for any consumers that need to
know the value to simply export it directly.
2013-06-20 13:09:44 -05:00
Dave Collins
14a1da417f Enforce max block payload size of 1MB.
This commit changes MsgBlock to enforce a 1MB max payload per the spec.
Previously it was only limited to the max overall message size.  While
here, also enforce max payloads per message type (instead of only the max
overall message payload) when writing messages.
2013-05-16 09:07:04 -05:00
Dave Collins
1bab947596 Remove a few dead error checks.
The functions for generating transaction and block hashes contained a few
error checks for conditions which could never fail without run-time
panics.  This commit removes those superfluous checks and adds explanatory
comments.
2013-05-12 14:01:50 -05:00
Dave Collins
bf5c0b58d8 Fix a few comment typos.
2013-05-09 00:02:07 -05:00
Dave Collins
69b27dd5d3 Initial implementation.
2013-05-08 18:58:29 -05:00