From c40a5aaaf484855a4350fd702e8e72fd21a68155 Mon Sep 17 00:00:00 2001
From: Peter Todd <pete@petertodd.org>
Date: Tue, 25 Jun 2013 09:57:59 -0400
Subject: [PATCH] Truncate oversize 'tx' messages before relaying/storing.

Fixes a memory exhaustion attack on low-memory peers.
---
 src/main.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/main.cpp b/src/main.cpp
index da928a4b9..f3ce43660 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3567,6 +3567,16 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
         CInv inv(MSG_TX, tx.GetHash());
         pfrom->AddInventoryKnown(inv);
 
+        // Truncate messages to the size of the tx in them
+        unsigned int nSize = ::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION);
+        unsigned int oldSize = vMsg.size();
+        if (nSize < oldSize) {
+            vMsg.resize(nSize);
+            printf("truncating oversized TX %s (%u -> %u)\n",
+                   tx.GetHash().ToString().c_str(),
+                   oldSize, nSize);
+        }
+
         bool fMissingInputs = false;
         CValidationState state;
         if (mempool.accept(state, tx, true, &fMissingInputs))