Limit STVar recursion during deserialization (RIPD-1603):

Browse Source

Constructing deeply nested objects could allow an attacker to
cause a server to overflow its available stack.

We now enforce a 10-deep nesting limit, and signal an error
if we encounter objects that are nested deeper.

Acknowledgements:
Ripple thanks Guido Vranken for responsibly disclosing this
issues.

Bug Bounties and Responsible Disclosures:
We welcome reviews of the rippled codebase and urge reviewers
to responsibly disclose any issues that they may find. For
more on Ripple's Bug Bounty program, please visit
https://ripple.com/bug-bounty

...

This commit is contained in:

Howard Hinnant

2018-03-03 09:02:22 -05:00

committed by Nikolaos D. Bougalis

parent 9af994ceb4

commit 881cd4cfad

8 changed files with 1323 additions and 109 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

1247

src/test/protocol/STTx_test.cpp

File diff suppressed because it is too large Load Diff