Truncate oversize 'tx' messages before relaying/storing.

Fixes a memory exhaustion attack on low-memory peers.
fastcoin-project · Jun 25, 2013 · 7cc960f · 7cc960f
1 parent 09e437b
commit 7cc960f
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/main.cpp b/src/main.cpp
@@ -3508,6 +3508,16 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
         CInv inv(MSG_TX, tx.GetHash());
         pfrom->AddInventoryKnown(inv);
 
+        // Truncate messages to the size of the tx in them
+        unsigned int nSize = ::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION);
+        unsigned int oldSize = vMsg.size();
+        if (nSize < oldSize) {
+            vMsg.resize(nSize);
+            printf("truncating oversized TX %s (%u -> %u)\n",
+                   tx.GetHash().ToString().c_str(),
+                   oldSize, nSize);
+        }
+
         bool fMissingInputs = false;
         CValidationState state;
         if (tx.AcceptToMemoryPool(state, true, true, &fMissingInputs))