Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MerkleBlockPayload need to ensure the deserialization #1375

Closed
shargon opened this issue Dec 19, 2019 · 0 comments · Fixed by #1377
Closed

MerkleBlockPayload need to ensure the deserialization #1375

shargon opened this issue Dec 19, 2019 · 0 comments · Fixed by #1377

Comments

@shargon
Copy link
Member

shargon commented Dec 19, 2019
edited
Loading

Describe the bug
MerkleBlockPayload doesn't check the limits of the expected values, in all of them the maximum values are Block.MaxTransactionsPerBlock. If we don't check this we can allocate more memory than expected.

To Reproduce
Steps to reproduce the behavior:

  1. Create a crafted MerkleBlockPayload with 16777216 Hashes (only the prefix, not the content)
  2. OnDeserialize it will allocate 16mb of items.
  3. It could produce a Deny of Service if a lot of nodes are doing the same at same time.

Expected behavior
Expect only MaxTransactionsPerBlock.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Set limits in MerkleBlockPayload (3x) shargon/neo
1 participant
@shargon