foster/bitcoin-bitcoin-core
0
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-02-02 09:46:52 -05:00
Code Issues Activity

Merge bitcoin/bitcoin#22455: addrman: detect on-disk corrupted nNew and nTried during unserialization

Browse source 
816f29eab2 addrman: detect on-disk corrupted nNew and nTried during unserialization (Vasil Dimov)

Pull request description:

  Negative `nNew` or `nTried` are not possible during normal operation.
  So, if we read such values during unserialize, report addrman
  corruption.

  Fixes https://github.com/bitcoin/bitcoin/issues/22450

ACKs for top commit:
  MarcoFalke:
    cr ACK 816f29eab2
  jonatack:
    ACK 816f29eab2
  lsilva01:
    Code Review ACK 816f29eab2.  This change provides a more accurate description of the error.

Tree-SHA512: 01bdd72d2d86a0ef770a319fee995fd1e147b24a8db84ddb8cd121688e7f94fed73fddc0084758e7183c4f8d08e971f0b1b224f5adb10928a5aa4dbbc8709d74
This commit is contained in:
MarcoFalke 2021-07-19 14:25:46 +02:00
commit 54e31742d2
No known key found for this signature in database
GPG key ID: CE2B75697E69A548
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/addrman.h
View file

@ -334,12 +334,18 @@ public:
nUBuckets ^= (1 << 30); nUBuckets ^= (1 << 30);
} }
if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) { if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nNew < 0) {
throw std::ios_base::failure("Corrupt CAddrMan serialization, nNew exceeds limit."); throw std::ios_base::failure(
strprintf("Corrupt CAddrMan serialization: nNew=%d, should be in [0, %u]",
nNew,
ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE));
} }
if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) { if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nTried < 0) {
throw std::ios_base::failure("Corrupt CAddrMan serialization, nTried exceeds limit."); throw std::ios_base::failure(
strprintf("Corrupt CAddrMan serialization: nTried=%d, should be in [0, %u]",
nTried,
ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE));
} }
// Deserialize entries from the new table. // Deserialize entries from the new table.