zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Stop untrusted preallocation during script deserialization 

This is an easy memory denial of service attack.
This commit is contained in:
teor 2021-03-19 17:19:37 +10:00 committed by Deirdre Connolly
parent 609d70ae53
commit 5c55f7210c
1 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
zebra-chain/src/transparent/script.rs
View File

@ -1,11 +1,10 @@
//! Bitcoin script for Zebra
#![allow(clippy::unit_arg)] #![allow(clippy::unit_arg)]
use crate::serialization::{
ReadZcashExt, SerializationError, WriteZcashExt, ZcashDeserialize, ZcashSerialize, use crate::serialization::{SerializationError, WriteZcashExt, ZcashDeserialize, ZcashSerialize};
};
use std::{ use std::{fmt, io};
fmt,
io::{self, Read},
};
/// An encoding of a Bitcoin script. /// An encoding of a Bitcoin script.
#[derive(Clone, Eq, PartialEq, Serialize, Deserialize, Hash)] #[derive(Clone, Eq, PartialEq, Serialize, Deserialize, Hash)]
@ -32,12 +31,8 @@ impl ZcashSerialize for Script {
} }
impl ZcashDeserialize for Script { impl ZcashDeserialize for Script {
fn zcash_deserialize<R: io::Read>(mut reader: R) -> Result<Self, SerializationError> { fn zcash_deserialize<R: io::Read>(reader: R) -> Result<Self, SerializationError> {
// XXX what is the max length of a script? Ok(Script(Vec::zcash_deserialize(reader)?))
let len = reader.read_compactsize()?;
let mut bytes = Vec::new();
reader.take(len).read_to_end(&mut bytes)?;
Ok(Script(bytes))
} }
} }