Merge #9693: Prevent integer overflow in ReadVarInt.

45f0961 Prevent integer overflow in ReadVarInt. (Gregory Maxwell) Tree-SHA512: 385ea0efb6b59d44c45a49227e5f6fff236b4775544cbeb236312a3fd87fd75c226ac56f7aa1bca66b853639da75a579610074f7582f92cf2ebd4a74bc40f6f0
author: Pieter Wuille <[email protected]> 2017-04-17 04:46:34 -0700
committer: Pieter Wuille <[email protected]> 2017-04-17 04:58:31 -0700
commit: c5e9e428a9198c8c4076f239b5eaa8dc95e7985b (patch)
tree: 4f775789f219f0f6c8815a4e6916e2e3698d8b31 /src
parent: Merge #10204: [rpc] rename disconnectnode argument (diff)
parent: Prevent integer overflow in ReadVarInt. (diff)
download: discoin-c5e9e428a9198c8c4076f239b5eaa8dc95e7985b.tar.xz
discoin-c5e9e428a9198c8c4076f239b5eaa8dc95e7985b.zip
1 files changed, 9 insertions, 2 deletions
diff --git a/src/serialize.h b/src/serialize.h
index e4d72d234..e82ddf2c5 100644
--- a/src/serialize.h
+++ b/src/serialize.h
@@ -336,11 +336,18 @@ I ReadVarInt(Stream& is)
     I n = 0;
     while(true) {
         unsigned char chData = ser_readdata8(is);
+        if (n > (std::numeric_limits<I>::max() >> 7)) {
+           throw std::ios_base::failure("ReadVarInt(): size too large");
+        }
         n = (n << 7) | (chData & 0x7F);
-        if (chData & 0x80)
+        if (chData & 0x80) {
+            if (n == std::numeric_limits<I>::max()) {
+                throw std::ios_base::failure("ReadVarInt(): size too large");
+            }
             n++;
-        else
+        } else {
             return n;
+        }
     }
 }
author	Pieter Wuille <[email protected]>	2017-04-17 04:46:34 -0700
committer	Pieter Wuille <[email protected]>	2017-04-17 04:58:31 -0700
commit	c5e9e428a9198c8c4076f239b5eaa8dc95e7985b (patch)
tree	4f775789f219f0f6c8815a4e6916e2e3698d8b31 /src
parent	Merge #10204: [rpc] rename disconnectnode argument (diff)
parent	Prevent integer overflow in ReadVarInt. (diff)
download	discoin-c5e9e428a9198c8c4076f239b5eaa8dc95e7985b.tar.xz discoin-c5e9e428a9198c8c4076f239b5eaa8dc95e7985b.zip