From 29d3b5372e18dd45016e04010e3652d870bc063a Mon Sep 17 00:00:00 2001
From: Shargon
Date: Mon, 4 Mar 2019 09:03:04 +0100
Subject: [PATCH 1/2] Securize ConsensusContext Deserialization
---
 neo/Consensus/ConsensusContext.cs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/neo/Consensus/ConsensusContext.cs b/neo/Consensus/ConsensusContext.cs
index 5c3c9da85c..83ba7354d5 100644
--- a/neo/Consensus/ConsensusContext.cs
+++ b/neo/Consensus/ConsensusContext.cs
@@ -79,7 +79,7 @@ public void Deserialize(BinaryReader reader)
 TransactionHashes = reader.ReadSerializableArray();
 if (TransactionHashes.Length == 0)
 TransactionHashes = null;
- Transaction[] transactions = new Transaction[reader.ReadVarInt()];
+ Transaction[] transactions = new Transaction[reader.ReadVarInt(Block.MaxTransactionsPerBlock)];
 if (transactions.Length == 0)
 {
 Transactions = null;
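Review bot: The hash array on the first context line, `TransactionHashes = reader.ReadSerializableArray();`, still carries no explicit limit, so the element count taken from the persisted blob is bounded only by whatever default that helper applies, while the transaction array a few lines below is now capped. If the helper accepts a maximum count, pass the same bound there (`Block.MaxTransactionsPerBlock`) so both counts are checked before anything is allocated. The count read into `transactions` is also never compared with `TransactionHashes.Length`, so a blob whose two counts disagree is accepted as long as each stays under the cap. Deserialize begins and ends outside this hunk.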
@@ -90,16 +90,16 @@ public void Deserialize(BinaryReader reader)
 transactions[i] = Transaction.DeserializeFrom(reader);
 Transactions = transactions.ToDictionary(p => p.Hash);
 }
- PreparationPayloads = new ConsensusPayload[reader.ReadVarInt()];
+ PreparationPayloads = new ConsensusPayload[reader.ReadVarInt(Blockchain.MaxValidators)];
 for (int i = 0; i < PreparationPayloads.Length; i++)
 PreparationPayloads[i] = reader.ReadBoolean() ? reader.ReadSerializable() : null;
- CommitPayloads = new ConsensusPayload[reader.ReadVarInt()];
+ CommitPayloads = new ConsensusPayload[reader.ReadVarInt(Blockchain.MaxValidators)];
 for (int i = 0; i < CommitPayloads.Length; i++)
 CommitPayloads[i] = reader.ReadBoolean() ? reader.ReadSerializable() : null;
- ChangeViewPayloads = new ConsensusPayload[reader.ReadVarInt()];
+ ChangeViewPayloads = new ConsensusPayload[reader.ReadVarInt(Blockchain.MaxValidators)];
 for (int i = 0; i < ChangeViewPayloads.Length; i++)
 ChangeViewPayloads[i] = reader.ReadBoolean() ? reader.ReadSerializable() : null;
- LastChangeViewPayloads = new ConsensusPayload[reader.ReadVarInt()];
+ LastChangeViewPayloads = new ConsensusPayload[reader.ReadVarInt(Blockchain.MaxValidators)];
 for (int i = 0; i < LastChangeViewPayloads.Length; i++)
 LastChangeViewPayloads[i] = reader.ReadBoolean() ? reader.ReadSerializable() : null;
 }
From 9492bd833ed1a568746ae3825f755cef7669c6d0 Mon Sep 17 00:00:00 2001
From: Shargon
Date: Mon, 4 Mar 2019 09:42:28 +0100
Subject: [PATCH 2/2] Check default value
---
 neo/Consensus/Helper.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/neo/Consensus/Helper.cs b/neo/Consensus/Helper.cs
index 363a3e1f90..4c7faeddea 100644
--- a/neo/Consensus/Helper.cs
+++ b/neo/Consensus/Helper.cs
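Review bot: In the second ConsensusContext.cs hunk (`@@ -90,16 +90,16 @@`), each of the four payload arrays is capped at `Blockchain.MaxValidators` on its own, but nothing checks that the four lengths agree with each other or with the validator count the context actually uses. If these arrays are indexed by validator position elsewhere (not visible here), a blob with a shorter array would pass deserialization and only fail later inside consensus handling. A check after the last loop such as `if (CommitPayloads.Length != PreparationPayloads.Length) throw new FormatException();`, repeated for the other two arrays, would reject such a blob at load time. The four read loops are identical and could share one private helper that takes the reader and returns the array. Deserialize starts outside this hunk.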
@@ -49,7 +49,9 @@ public static void Save(this IConsensusContext context, Store store)
 public static bool Load(this IConsensusContext context, Store store)
 {
 byte[] data = store.Get(CN_Context, new byte[0]);
- if (data is null) return false;
+
+ if (data is null || data.Length == 0) return false;
+
 using (MemoryStream ms = new MemoryStream(data, false))
 using (BinaryReader reader = new BinaryReader(ms))
 {
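Review bot: The added guard in `Load` covers only a missing or empty value; a non-empty but truncated or over-limit blob still goes to the reader below, and with the limits added to Deserialize in patch 1/2 that path presumably ends in an exception rather than a `false` return. The rest of `Load` is outside the hunk, so confirm the Deserialize call is wrapped so that a format or end-of-stream error makes `Load` return `false` instead of propagating to the caller. A short comment on the new line, `// an empty array is the default passed to store.Get, i.e. nothing was saved`, would explain why an empty value is treated as absent.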