Merge pull request #4655

216e9a4 Add a way to limit deserialized string lengths (Pieter Wuille)
2026-01-20 07:09:15 +01:00 · 2014-08-18 09:47:06 +02:00
parent e2e73e5d8f 216e9a4456
commit 21e7a5690f
4 changed files with 46 additions and 14 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3568,7 +3568,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
        if (!vRecv.empty())
            vRecv >> addrFrom >> nNonce;
        if (!vRecv.empty()) {
-            vRecv >> pfrom->strSubVer;
+            vRecv >> LIMITED_STRING(pfrom->strSubVer, 256);
            pfrom->cleanSubVer = SanitizeString(pfrom->strSubVer);
        }
        if (!vRecv.empty())
@@ -4192,7 +4192,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
        if (fDebug)
        {
            string strMsg; unsigned char ccode; string strReason;
-            vRecv >> strMsg >> ccode >> strReason;
+            vRecv >> LIMITED_STRING(strMsg, CMessageHeader::COMMAND_SIZE) >> ccode >> LIMITED_STRING(strReason, 111);

            ostringstream ss;
            ss << strMsg << " code " << itostr(ccode) << ": " << strReason;
@@ -4203,10 +4203,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv,
                vRecv >> hash;
                ss << ": hash " << hash.ToString();
            }
-            // Truncate to reasonable length and sanitize before printing:
-            string s = ss.str();
-            if (s.size() > 111) s.erase(111, string::npos);
-            LogPrint("net", "Reject %s\n", SanitizeString(s));
+            LogPrint("net", "Reject %s\n", SanitizeString(ss.str()));
        }
    }