From 481149643325a201fe4f40da3b19588f0b09f8d7 Mon Sep 17 00:00:00 2001
From: Kevin Heifner <heifnerk@objectcomputing.com>
Date: Tue, 5 Mar 2019 16:53:20 -0500
Subject: [PATCH] Consolidated Security Fixes for 1.7.0-rc2

- Fix small memory leak in net_plugin.
- Add additional deadline checks to transaction authorization.
---
 libraries/chain/controller.cpp    |  4 +---
 plugins/net_plugin/net_plugin.cpp | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/libraries/chain/controller.cpp b/libraries/chain/controller.cpp
index 3f1d5cf7837..f3b0a841981 100644
--- a/libraries/chain/controller.cpp
+++ b/libraries/chain/controller.cpp
@@ -1033,9 +1033,7 @@ struct controller_impl {
                        recovered_keys,
                        {},
                        trx_context.delay,
-                       [](){}
-                       /*std::bind(&transaction_context::add_cpu_usage_and_check_time, &trx_context,
-                                 std::placeholders::_1)*/,
+                       [&trx_context](){ trx_context.checktime(); },
                        false
                );
             }
diff --git a/plugins/net_plugin/net_plugin.cpp b/plugins/net_plugin/net_plugin.cpp
index e4adc0dd6ac..320214ae933 100644
--- a/plugins/net_plugin/net_plugin.cpp
+++ b/plugins/net_plugin/net_plugin.cpp
@@ -716,6 +716,7 @@ namespace eosio {
       void rejected_block(const block_id_type& id);
 
       void recv_block(const connection_ptr& conn, const block_id_type& msg, uint32_t bnum);
+      void expire_blocks( uint32_t bnum );
       void recv_transaction(const connection_ptr& conn, const transaction_id_type& id);
       void recv_notice(const connection_ptr& conn, const notice_message& msg, bool generated);
 
@@ -1656,11 +1657,23 @@ namespace eosio {
    }
 
    void dispatch_manager::rejected_block(const block_id_type& id) {
-      fc_dlog(logger,"not sending rejected transaction ${tid}",("tid",id));
+      fc_dlog( logger, "rejected block ${id}", ("id", id) );
       auto range = received_blocks.equal_range(id);
       received_blocks.erase(range.first, range.second);
    }
 
+   void dispatch_manager::expire_blocks( uint32_t lib_num ) {
+      for( auto i = received_blocks.begin(); i != received_blocks.end(); ) {
+         const block_id_type& blk_id = i->first;
+         uint32_t blk_num = block_header::num_from_id( blk_id );
+         if( blk_num <= lib_num ) {
+            i = received_blocks.erase( i );
+         } else {
+            ++i;
+         }
+      }
+   }
+
    void dispatch_manager::bcast_transaction(const transaction_metadata_ptr& ptrx) {
       std::set<connection_ptr> skips;
       const auto& id = ptrx->id;
@@ -2590,6 +2603,7 @@ namespace eosio {
       }
       else {
          sync_master->rejected_block(c, blk_num);
+         dispatcher->rejected_block( blk_id );
       }
    }
 
@@ -2657,6 +2671,7 @@ namespace eosio {
 
       controller& cc = chain_plug->chain();
       uint32_t lib = cc.last_irreversible_block_num();
+      dispatcher->expire_blocks( lib );
       for ( auto &c : connections ) {
          auto &stale_txn = c->trx_state.get<by_block_num>();
          stale_txn.erase( stale_txn.lower_bound(1), stale_txn.upper_bound(lib) );