diff options
| author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2021-01-02 12:34:28 +0000 |
|---|---|---|
| committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2021-01-02 12:34:28 +0000 |
| commit | 5cd6fda1eeaf7f9b0b62a6a77010f2b53c3f1bf5 (patch) | |
| tree | b86a52c6677d81b603ec237b987ee6036f4142d2 | |
| parent | Merge pull request #7250 (diff) | |
| download | monero-5cd6fda1eeaf7f9b0b62a6a77010f2b53c3f1bf5.tar.xz | |
portable_storage: better sanity checking
| -rw-r--r-- | contrib/epee/include/storages/portable_storage_from_bin.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/contrib/epee/include/storages/portable_storage_from_bin.h b/contrib/epee/include/storages/portable_storage_from_bin.h index 631ad307b..dfd815f97 100644 --- a/contrib/epee/include/storages/portable_storage_from_bin.h +++ b/contrib/epee/include/storages/portable_storage_from_bin.h @@ -38,6 +38,7 @@ #define EPEE_PORTABLE_STORAGE_RECURSION_LIMIT_INTERNAL 100 #endif #define EPEE_PORTABLE_STORAGE_OBJECT_LIMIT_INTERNAL 65536 +#define EPEE_PORTABLE_STORAGE_OBJECT_FIELD_LIMIT_INTERNAL 262144 namespace epee { @@ -104,6 +105,7 @@ namespace epee size_t m_count; size_t m_recursion_count; size_t m_objects; + size_t m_fields; }; inline throwable_buffer_reader::throwable_buffer_reader(const void* ptr, size_t sz) @@ -116,6 +118,7 @@ namespace epee m_count = sz; m_recursion_count = 0; m_objects = 0; + m_fields = 0; } inline void throwable_buffer_reader::read(void* target, size_t count) @@ -243,6 +246,8 @@ namespace epee inline storage_entry throwable_buffer_reader::read_se<section>() { RECURSION_LIMITATION(); + CHECK_AND_ASSERT_THROW_MES(m_objects < EPEE_PORTABLE_STORAGE_OBJECT_LIMIT_INTERNAL, "Too many objects"); + ++m_objects; section s;//use extra variable due to vs bug, line "storage_entry se(section()); " can't be compiled in visual studio storage_entry se(std::move(s)); section& section_entry = boost::get<section>(se); @@ -294,8 +299,8 @@ namespace epee RECURSION_LIMITATION(); sec.m_entries.clear(); size_t count = read_varint(); - CHECK_AND_ASSERT_THROW_MES(count <= EPEE_PORTABLE_STORAGE_OBJECT_LIMIT_INTERNAL - m_objects, "Too many objects"); - m_objects += count; + CHECK_AND_ASSERT_THROW_MES(count <= EPEE_PORTABLE_STORAGE_OBJECT_FIELD_LIMIT_INTERNAL - m_fields, "Too many object fields"); + m_fields += count; while(count--) { //read section name string |