AlphaX/qortal
1
0
Fork 0
forked from Qortal/qortal
Code Issues Pull Requests Projects Releases Wiki Activity

Additional checks on byte lengths in BlockTransformer, especially before buffer allocation

Browse Source
This commit is contained in:
catbref 2019-09-23 16:46:16 +01:00
parent aa54ec212f
commit e009147956
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/main/java/org/qora/transform/block/BlockTransformer.java
View File

@ -89,6 +89,9 @@ public class BlockTransformer extends Transformer {
if (version >= 2 && byteBuffer.remaining() < BASE_LENGTH + AT_BYTES_LENGTH - VERSION_LENGTH) if (version >= 2 && byteBuffer.remaining() < BASE_LENGTH + AT_BYTES_LENGTH - VERSION_LENGTH)
throw new TransformationException("Byte data too short for V2+ Block"); throw new TransformationException("Byte data too short for V2+ Block");
if (byteBuffer.remaining() > Block.MAX_BLOCK_BYTES)
throw new TransformationException("Byte data too long for Block");
long timestamp = byteBuffer.getLong(); long timestamp = byteBuffer.getLong();
byte[] reference = new byte[BLOCK_REFERENCE_LENGTH]; byte[] reference = new byte[BLOCK_REFERENCE_LENGTH];
@ -226,7 +229,11 @@ public class BlockTransformer extends Transformer {
// Online accounts timestamp is only present if there are also signatures // Online accounts timestamp is only present if there are also signatures
onlineAccountsTimestamp = byteBuffer.getLong(); onlineAccountsTimestamp = byteBuffer.getLong();
onlineAccountsSignatures = new byte[onlineAccountsSignaturesCount * Transformer.SIGNATURE_LENGTH]; final int signaturesByteLength = onlineAccountsSignaturesCount * Transformer.SIGNATURE_LENGTH;
if (signaturesByteLength > Block.MAX_BLOCK_BYTES)
throw new TransformationException("Byte data too long for online accounts signatures");
onlineAccountsSignatures = new byte[signaturesByteLength];
byteBuffer.get(onlineAccountsSignatures); byteBuffer.get(onlineAccountsSignatures);
} }
} }