Truncate oversize 'tx' messages before relaying/storing.

Fixes a memory exhaustion attack on low-memory peers.
This commit is contained in:
Peter Todd 2013-06-25 09:57:59 -04:00 committed by Gavin Andresen
parent 2e01ec3207
commit c40a5aaaf4

View file

@ -3567,6 +3567,16 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
CInv inv(MSG_TX, tx.GetHash());
pfrom->AddInventoryKnown(inv);
// Truncate messages to the size of the tx in them
unsigned int nSize = ::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION);
unsigned int oldSize = vMsg.size();
if (nSize < oldSize) {
vMsg.resize(nSize);
printf("truncating oversized TX %s (%u -> %u)\n",
tx.GetHash().ToString().c_str(),
oldSize, nSize);
}
bool fMissingInputs = false;
CValidationState state;
if (mempool.accept(state, tx, true, &fMissingInputs))