aboutsummaryrefslogtreecommitdiff
path: root/src/cryptonote_core
diff options
context:
space:
mode:
authorRiccardo Spagni <ric@spagni.net>2018-02-16 14:26:58 +0100
committerRiccardo Spagni <ric@spagni.net>2018-02-16 14:26:58 +0100
commitf4a6bc79d9a751480597aa007a1c6d315604f856 (patch)
tree6cd77005a74333cef7d9b0d62e311177417c2d0a /src/cryptonote_core
parentMerge pull request #3252 (diff)
parentkeccak: fix mdlen bounds sanity checking (diff)
downloadmonero-f4a6bc79d9a751480597aa007a1c6d315604f856.tar.xz
Merge pull request #3226
e4646379 keccak: fix mdlen bounds sanity checking (moneromooo-monero) 2e3e90ac pass large parameters by const ref, not value (moneromooo-monero) 61defd89 blockchain: sanity check number of precomputed hash of hash blocks (moneromooo-monero) 9af6b2d1 ringct: fix infinite loop in unused h2b function (moneromooo-monero) 8cea8d0c simplewallet: double check a new multisig wallet is multisig (moneromooo-monero) 9b98a6ac threadpool: catch exceptions in dtor, to avoid terminate (moneromooo-monero) 24803ed9 blockchain_export: fix buffer overflow in exporter (moneromooo-monero) f3f7da62 perf_timer: rewrite to make it clear there is no division by zero (moneromooo-monero) c6ea3df0 performance_tests: remove add_arg call stray extra param (moneromooo-monero) fa6b4566 fuzz_tests: fix an uninitialized var in setup (moneromooo-monero) 03887f11 keccak: fix sanity check bounds test (moneromooo-monero) ad11db91 blockchain_db: initialize m_open in base class ctor (moneromooo-monero) bece67f9 miner: restore std::cout precision after modification (moneromooo-monero) 1aabd14c db_lmdb: check hard fork info drop succeeded (moneromooo-monero)
Diffstat (limited to 'src/cryptonote_core')
-rw-r--r--src/cryptonote_core/blockchain.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cryptonote_core/blockchain.cpp b/src/cryptonote_core/blockchain.cpp
index f165aa46c..fe4004caa 100644
--- a/src/cryptonote_core/blockchain.cpp
+++ b/src/cryptonote_core/blockchain.cpp
@@ -4348,8 +4348,13 @@ void Blockchain::load_compiled_in_block_hashes()
{
const unsigned char *p = get_blocks_dat_start(m_testnet);
const uint32_t nblocks = *p | ((*(p+1))<<8) | ((*(p+2))<<16) | ((*(p+3))<<24);
+ if (nblocks > (std::numeric_limits<uint32_t>::max() - 4) / sizeof(hash))
+ {
+ MERROR("Block hash data is too large");
+ return;
+ }
const size_t size_needed = 4 + nblocks * sizeof(crypto::hash);
- if(nblocks > 0 && nblocks * HASH_OF_HASHES_STEP > m_db->height() && get_blocks_dat_size(m_testnet) >= size_needed)
+ if(nblocks > 0 && nblocks > (m_db->height() + HASH_OF_HASHES_STEP - 1) / HASH_OF_HASHES_STEP && get_blocks_dat_size(m_testnet) >= size_needed)
{
p += sizeof(uint32_t);
m_blocks_hash_of_hashes.reserve(nblocks);