highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-11-12 15:09:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

addrman: detect on-disk corrupted nNew and nTried during unserialization

Browse Source 
Negative `nNew` or `nTried` are not possible during normal operation.
So, if we read such values during unserialize, report addrman
corruption.

Fixes https://github.com/bitcoin/bitcoin/issues/22450
This commit is contained in:
Vasil Dimov
2021-07-15 13:04:26 +02:00
parent 97153a7026
commit 816f29eab2
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/addrman.h
View File

@@ -334,12 +334,18 @@ public:
nUBuckets ^= (1 << 30); nUBuckets ^= (1 << 30);
} }
if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) { if (nNew > ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nNew < 0) {
throw std::ios_base::failure("Corrupt CAddrMan serialization, nNew exceeds limit."); throw std::ios_base::failure(
strprintf("Corrupt CAddrMan serialization: nNew=%d, should be in [0, %u]",
nNew,
ADDRMAN_NEW_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE));
} }
if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE) { if (nTried > ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE || nTried < 0) {
throw std::ios_base::failure("Corrupt CAddrMan serialization, nTried exceeds limit."); throw std::ios_base::failure(
strprintf("Corrupt CAddrMan serialization: nTried=%d, should be in [0, %u]",
nTried,
ADDRMAN_TRIED_BUCKET_COUNT * ADDRMAN_BUCKET_SIZE));
} }
// Deserialize entries from the new table. // Deserialize entries from the new table.