eth, les: add sanity checks for unbounded block fields#19573
Merged
fjl merged 1 commit intoethereum:masterfrom Jul 8, 2019
Merged
eth, les: add sanity checks for unbounded block fields#19573fjl merged 1 commit intoethereum:masterfrom
fjl merged 1 commit intoethereum:masterfrom
Conversation
Member
|
This PR SGTM, but wondering whether we should enforce these in the RLP decoder instead? Wouldn't that essentially have the same result, whilst ensuring that no matter what code path something comes in, we validate it against sanity values? The down side of course is that we do the sanity checks every time we parse data from the database too, but I'm not sure that the extra 2-3 checks outweighs the guarantee that every code path is correct. |
fjl
changed the title
fjl
approved these changes
Jul 8, 2019
19 tasks
wanwiset25
pushed a commit
to XinFinOrg/XDPoSChain
that referenced
this pull request
Jun 19, 2024
This PR adds some hardening in the lower levels of the protocol stack, to bail early on invalid data. Primarily, attacks that this PR protects against are on the "annoyance"-level, which would otherwise write a couple of megabytes of data into the log output, which is a bit resource intensive.
wanwiset25
pushed a commit
to XinFinOrg/XDPoSChain
that referenced
this pull request
Jun 28, 2024
This PR adds some hardening in the lower levels of the protocol stack, to bail early on invalid data. Primarily, attacks that this PR protects against are on the "annoyance"-level, which would otherwise write a couple of megabytes of data into the log output, which is a bit resource intensive.
wanwiset25
added a commit
to XinFinOrg/XDPoSChain
that referenced
this pull request
Aug 23, 2024
…eum#19573)" This reverts commit 8f4a269.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds some hardening in the lower levels of the protocol stack, to bail early on invalid data. Primarily, attacks that this PR protects against are on the "annoyance"-level, which would otherwise write a couple of megabytes of data into the log output, which is a bit resource intensive.