BTCPrivate
/
BTCP-Rebase
mirror of https://github.com/BTCPrivate/BTCP-Rebase.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Prevent integer overflow in ReadVarInt. 

We don't normally use ReadVarInt from untrusted inputs, but we might
 see this in the case of corruption.

This is exposed in test_bitcoin_fuzzy.
This commit is contained in:
Gregory Maxwell 2017-02-06 02:52:27 +00:00
parent 923dc447ea
commit 45f09618f2
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/serialize.h
View File

@ -336,11 +336,18 @@ I ReadVarInt(Stream& is)
I n = 0;
while(true) {
unsigned char chData = ser_readdata8(is);
if (n > (std::numeric_limits<I>::max() >> 7)) {
throw std::ios_base::failure("ReadVarInt(): size too large");
}
n = (n << 7) | (chData & 0x7F);
if (chData & 0x80)
if (chData & 0x80) {
if (n == std::numeric_limits<I>::max()) {
throw std::ios_base::failure("ReadVarInt(): size too large");
}
n++;
else
} else {
return n;
}
}
}