eth, les: add sanity checks for unbounded block fields #19573

Merged
merged 1 commit into from
Jul 8, 2019


@holiman holiman commented May 14, 2019

This PR adds some hardening in the lower levels of the protocol stack, to bail early on invalid data. Primarily, attacks that this PR protects against are on the "annoyance"-level, which would otherwise write a couple of megabytes of data into the log output, which is a bit resource intensive.

@adamschmideg adamschmideg added this to the 1.9.0 milestone Jun 13, 2019
@karalabe karalabe self-assigned this Jun 13, 2019

karalabe commented Jul 4, 2019

This PR SGTM, but wondering whether we should enforce these in the RLP decoder instead? Wouldn't that essentially have the same result, whilst ensuring that no matter what code path something comes in, we validate it against sanity values?

The downside of course is that we do the sanity checks every time we parse data from the database too, but I'm not sure that the extra 2-3 checks outweigh the guarantee that every code path is correct.
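
An added example, not code from this PR or from go-ethereum: a size check on unbounded header fields, applied where peer data enters the node (the placement the PR title describes, as opposed to the decoder-level placement raised in the comment above). The `Header` type, `HandlePeerHeaders`, and both limits are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math/big"
)

// Header is a hypothetical, simplified block header (assumption, not the real type).
type Header struct {
	Number     *big.Int // arbitrary precision: unbounded when decoded from the wire
	Difficulty *big.Int // arbitrary precision: unbounded when decoded from the wire
	Extra      []byte   // variable length: unbounded when decoded from the wire
}

// Illustrative limits, assumed for this example.
const (
	maxDifficultyBits = 80
	maxExtraBytes     = 100 * 1024
)

// SanityCheck rejects fields whose size alone shows the header is bogus.
// Errors carry only lengths, never the value, so a rejection logs a few bytes.
func (h *Header) SanityCheck() error {
	if h.Number != nil && !h.Number.IsUint64() {
		return fmt.Errorf("block number too large: bitlen %d", h.Number.BitLen())
	}
	if h.Difficulty != nil && h.Difficulty.BitLen() > maxDifficultyBits {
		return fmt.Errorf("difficulty too large: bitlen %d", h.Difficulty.BitLen())
	}
	if len(h.Extra) > maxExtraBytes {
		return fmt.Errorf("extra data too large: %d bytes", len(h.Extra))
	}
	return nil
}

// HandlePeerHeaders is a hypothetical ingress point: it bails on the first
// oversized header, before any later code can format or log its fields.
func HandlePeerHeaders(headers []*Header) (accepted int, err error) {
	for i, h := range headers {
		if err := h.SanityCheck(); err != nil {
			return accepted, fmt.Errorf("header %d rejected: %w", i, err)
		}
		accepted++
	}
	return accepted, nil
}

func main() {
	// Constructed input: one plausible header, one with a ~1 MiB block number.
	good := &Header{Number: big.NewInt(7), Difficulty: big.NewInt(131072), Extra: []byte("ok")}
	bad := &Header{Number: new(big.Int).Lsh(big.NewInt(1), 8<<20), Difficulty: big.NewInt(1)}
	fmt.Println(HandlePeerHeaders([]*Header{good, bad}))
}
```

The same `SanityCheck` could instead be called from the decoder, which is the trade-off the comment above describes: every code path is covered, at the cost of repeating the checks on data read back from the database.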

@fjl fjl changed the title p2p/eth/les: protocol hardening eth, les: add sanity checks for unbounded block fields Jul 8, 2019
@fjl fjl merged commit cdfe9a3 into ethereum:master Jul 8, 2019
@wanwiset25 wanwiset25 mentioned this pull request Jun 3, 2024
19 tasks
wanwiset25 pushed a commit to XinFinOrg/XDPoSChain that referenced this pull request Jun 19, 2024
wanwiset25 pushed a commit to XinFinOrg/XDPoSChain that referenced this pull request Jun 28, 2024
wanwiset25 added a commit to XinFinOrg/XDPoSChain that referenced this pull request Aug 23, 2024