mirror of https://github.com/bitcoin/bitcoin.git synced 2025-02-04 10:07:27 -05:00
bitcoin-bitcoin-core/src/util
MarcoFalke abaf943477
Merge bitcoin/bitcoin#24231: streams: Fix read-past-the-end and integer overflows
fa1b89a6bd scripted-diff: Rename nReadPos to m_read_pos in streams.h (MarcoFalke)
fa56c79df9 Make CDataStream work properly on 64-bit systems (MarcoFalke)
fab02f7991 streams: Fix read-past-the-end and integer overflows (MarcoFalke)

Pull request description:

  This is a follow-up to commit e26b62093a with the following fixes:

  * Fix unsigned integer overflow in `ignore()`, when `nReadPos` wraps.
  * Fix unsigned integer overflow in `read()`, when `nReadPos` wraps.
  * Fix read-past-the-end in `read()`, when `nReadPos` wraps.

  This shouldn't be remote-exploitable, because it requires a stream of more than 1GB of size. However, it might be exploitable if the attacker controls the datadir (I haven't checked).

  A unit test for the overflow in `ignore()` looks like the following. It is left as an exercise to the reader to replace `foo.ignore(7)` with the appropriate call to `read()` to reproduce the overflow and read-error in `read()`.

  ```diff
  diff --git a/src/test/coins_tests.cpp b/src/test/coins_tests.cpp
  index 922fd8e513..ec6ea93919 100644
  --- a/src/test/coins_tests.cpp
  +++ b/src/test/coins_tests.cpp
  @@ -534,6 +534,20 @@ BOOST_AUTO_TEST_CASE(ccoins_serialization)
       } catch (const std::ios_base::failure&) {
       }

  +    CDataStream foo{0, 0};
  +    auto size{std::numeric_limits<uint32_t>::max()};
  +    foo.resize(size);
  +    BOOST_CHECK_EQUAL(foo.size(), size);
  +    foo.ignore(std::numeric_limits<int32_t>::max());
  +    size -= std::numeric_limits<int32_t>::max();
  +    BOOST_CHECK_EQUAL(foo.size(), size);
  +    foo.ignore(std::numeric_limits<int32_t>::max());
  +    size -= std::numeric_limits<int32_t>::max();
  +    BOOST_CHECK_EQUAL(foo.size(), size);
  +    BOOST_CHECK_EQUAL(foo.size(), 1);
  +    foo.ignore(7); // Should overflow, as the size is only 1
  +    BOOST_CHECK_EQUAL(foo.size(), uint32_t(1 - 7));
  +
       // Very large scriptPubKey (3*10^9 bytes) past the end of the stream
       CDataStream tmp(SER_DISK, CLIENT_VERSION);
       uint64_t x = 3000000000ULL;
  ```
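Review bot: the final assertion `BOOST_CHECK_EQUAL(foo.size(), uint32_t(1 - 7));` pins the wrapped value, so this test passes only while the overflow exists and will fail as soon as `ignore()` rejects a skip past the end; as a regression test it should expect the failure instead, e.g. `BOOST_CHECK_THROW(foo.ignore(7), std::ios_base::failure);` followed by a check that `foo.size()` is still 1. Separately, `foo.resize(std::numeric_limits<uint32_t>::max())` allocates 4 GiB, which is too heavy to run in the unit-test suite, so this snippet is better kept as the reproduction in the PR description than committed as-is.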

ACKs for top commit:
  klementtan:
    Code Review ACK fa1b89a6bd:

Tree-SHA512: 67f0a1baafe88eaf1dc844ac55b638d5cf168a18c945e3bf7a2cb03c9a5976674a8e3af2487d8a2c3eae21e5c0e7a519c8b16ee7f104934442e2769d100660e9
2022-02-21 08:09:18 +01:00
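As an added illustration of the overflow the PR description explains (example code written here, not Bitcoin Core's and not from the PR): a scaled-down model of the stream's `ignore()` whose read cursor is an 8-bit integer, so the wrap is reachable with a 255-byte buffer instead of the 4 GiB needed to wrap the real 32-bit `nReadPos`. The names `Stream`, `IgnoreWrapping` and `IgnoreChecked` are assumptions of this example; the pre-fix arithmetic is shown beside a bounds check that cannot wrap.

```cpp
// Added example, not Bitcoin Core's code: scaled-down model of the ignore() overflow.
#include <cstddef>
#include <cstdint>
#include <ios>
#include <limits>
#include <vector>

// Stand-in for the data stream: a buffer plus a read cursor. The cursor is
// deliberately uint8_t so the wrap can be shown with a 255-byte buffer.
struct Stream {
    std::vector<unsigned char> vch;
    uint8_t m_read_pos = 0;
    size_t size() const { return vch.size() - m_read_pos; }  // bytes left to read
};

// Pre-fix pattern: the next position is computed in the cursor's own type,
// so m_read_pos + n can wrap to a small value and slip past the bounds check.
void IgnoreWrapping(Stream& s, uint8_t n)
{
    uint8_t next = s.m_read_pos + n;  // wraps modulo 256
    if (next >= s.vch.size()) {
        if (next > s.vch.size()) throw std::ios_base::failure("end of data");
        s.m_read_pos = 0;
        s.vch.clear();
        return;
    }
    s.m_read_pos = next;
}

// Fixed pattern: compare the request against the bytes remaining. size()
// cannot underflow because m_read_pos <= vch.size() is an invariant, so no
// addition is performed and nothing can wrap.
void IgnoreChecked(Stream& s, uint8_t n)
{
    if (n > s.size()) throw std::ios_base::failure("end of data");
    if (n == s.size()) { s.m_read_pos = 0; s.vch.clear(); return; }
    s.m_read_pos += n;
}

// The PR's scenario: advance to one byte before the end, then skip 7.
// Returns the size() the wrapping version reports afterwards: 250, i.e.
// uint8_t(1 - 7), so later reads would run past the end of the buffer.
size_t WrappedSizeAfterOverflow()
{
    Stream s; s.vch.resize(std::numeric_limits<uint8_t>::max());  // 255 bytes
    IgnoreWrapping(s, 127); IgnoreWrapping(s, 127);  // m_read_pos == 254, size() == 1
    IgnoreWrapping(s, 7);                            // 254 + 7 wraps to 5; check passes
    return s.size();
}

// Same scenario against the checked version: returns true when the skip is
// rejected and the cursor is left untouched (size() still 1).
bool CheckedRejectsOverflow()
{
    Stream s; s.vch.resize(std::numeric_limits<uint8_t>::max());
    IgnoreChecked(s, 127); IgnoreChecked(s, 127);
    try { IgnoreChecked(s, 7); } catch (const std::ios_base::failure&) { return s.size() == 1; }
    return false;
}
```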
asmap.cpp refactor: replace boost::filesystem with std::filesystem 2022-02-03 18:35:52 +08:00
asmap.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
bip32.cpp scripted-diff: Bump copyright headers 2020-04-16 13:33:09 -04:00
bip32.h scripted-diff: Use [[nodiscard]] (C++17) instead of NODISCARD 2020-11-26 09:05:59 +00:00
bytevectorhash.cpp
bytevectorhash.h
check.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
epochguard.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
error.cpp scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
error.h rpc: send: support external signer 2021-02-23 14:34:32 +01:00
fastrange.h Add FastRange32 function and use it throughout the codebase 2022-01-07 13:37:47 -05:00
fees.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
fees.h scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
getuniquepath.cpp doc: add missing copyright header to getuniquepath.cpp 2021-09-08 16:28:21 +08:00
getuniquepath.h Introduce GetUniquePath(base) helper method to replace boost::filesystem::unique_path() which is not available in std::filesystem. 2021-02-04 11:38:09 +01:00
golombrice.h [moveonly] Move MapIntoRange() to separate util/fastrange.h 2022-01-06 11:27:06 -05:00
hash_type.h move-only: Add util/hash_type 2021-05-11 10:38:18 +02:00
hasher.cpp Add generic SaltedSipHasher 2020-11-10 14:33:37 -05:00
hasher.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
macros.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
message.cpp scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
message.h Move direct calls to MessageSign into new SignMessage functions in CWallet and ScriptPubKeyMan 2020-03-09 11:16:20 -04:00
moneystr.cpp scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
moneystr.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
overflow.h streams: Fix read-past-the-end and integer overflows 2022-02-09 17:20:22 +01:00
overloaded.h refactor: Make CWalletTx sync state type-safe 2021-11-15 09:11:44 -05:00
rbf.cpp scripted-diff: Bump copyright of files changed in 2019 2019-12-30 10:42:20 +13:00
rbf.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
readwritefile.cpp util: fix WriteBinaryFile() claiming success even if error occurred 2021-03-01 12:57:00 +01:00
readwritefile.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
serfloat.cpp Add platform-independent float encoder/decoder 2021-05-24 16:04:44 -07:00
serfloat.h Add platform-independent float encoder/decoder 2021-05-24 16:04:44 -07:00
settings.cpp refactor: replace boost::filesystem with std::filesystem 2022-02-03 18:35:52 +08:00
settings.h Add <datadir>/settings.json persistent settings storage. 2020-07-11 05:41:12 -04:00
sock.cpp net: add new method Sock::Accept() that wraps accept() 2021-12-01 15:22:08 +01:00
sock.h net: add new method Sock::Accept() that wraps accept() 2021-12-01 15:22:08 +01:00
spanparsing.cpp scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
spanparsing.h scripted-diff: Bump copyright of files changed in 2019 2019-12-30 10:42:20 +13:00
strencodings.cpp Merge bitcoin/bitcoin#24297: Fix unintended unsigned integer overflow in strencodings 2022-02-10 07:17:32 +00:00
strencodings.h util: Restore GetIntArg saturating behavior 2022-01-11 19:54:36 -05:00
string.cpp util: Add Join helper to join a list of strings 2019-08-20 16:51:41 -04:00
string.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
syscall_sandbox.cpp util: Add missing rseq to syscall sandbox 2022-02-17 15:01:43 +01:00
syscall_sandbox.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
system.cpp util: Revert back MoveFileExW call for MinGW-w64 2022-02-14 16:56:35 +02:00
system.h util: use stronger-guarantee rename method 2022-02-10 08:16:05 +00:00
thread.cpp refactor: Make TraceThread a non-template free function 2021-04-25 12:28:44 +03:00
thread.h refactor: Make TraceThread a non-template free function 2021-04-25 12:28:44 +03:00
threadnames.cpp scripted-diff: Bump copyright of files changed in 2019 2019-12-30 10:42:20 +13:00
threadnames.h scripted-diff: Bump copyright of files changed in 2019 2019-12-30 10:42:20 +13:00
time.cpp scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
time.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
tokenpipe.cpp refactor: post Optional<> removal cleanups 2021-03-17 14:56:20 +08:00
tokenpipe.h util: Add RAII TokenPipe 2021-03-04 18:24:00 +01:00
trace.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
translation.h scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
types.h Add util/types.h with ALWAYS_FALSE template 2021-09-07 19:19:02 +02:00
ui_change_type.h wallet: Do not include server symbols 2020-06-27 11:39:09 -04:00
url.cpp scripted-diff: Bump copyright of files changed in 2019 2019-12-30 10:42:20 +13:00
url.h scripted-diff: Bump copyright headers 2020-04-16 13:33:09 -04:00
vector.h Add some general std::vector utility functions 2019-10-16 08:56:57 -07:00