Address issues identified by external review:

* RIPD-1617, RIPD-1619, RIPD-1621: Verify serialized public keys more strictly before using them. * RIPD-1618: * Simplify the base58 decoder logic. * Reduce the complexity of the base58 encoder and eliminate a potential out-of-bounds memory access. * Improve type safety by using an `enum class` to enforce strict type checking for token types. * RIPD-1616: Avoid calling `memcpy` with a null pointer even if the size is specified as zero, since it results in undefined behavior. Acknowledgements: Ripple thanks Guido Vranken for responsibly disclosing these issues. Bug Bounties and Responsible Disclosures: We welcome reviews of the rippled code and urge researchers to responsibly disclose any issues that they may find. For more on Ripple's Bug Bounty program, please visit: https://ripple.com/bug-bounty
2025-12-06 17:27:55 +00:00 · 2018-03-15 20:58:05 -07:00
parent 25de6b0a5f
commit d5f981f5fc
47 changed files with 393 additions and 264 deletions
--- a/src/ripple/overlay/impl/OverlayImpl.cpp
+++ b/src/ripple/overlay/impl/OverlayImpl.cpp
@@ -424,7 +424,7 @@ OverlayImpl::add_active (std::shared_ptr<PeerImp> const& peer)
        "activated " << peer->getRemoteAddress() <<
        " (" << peer->id() << ":" <<
        toBase58 (
-            TokenType::TOKEN_NODE_PUBLIC,
+            TokenType::NodePublic,
            peer->getNodePublic()) << ")";

    // As we are not on the strand, run() must be called
@@ -610,7 +610,7 @@ OverlayImpl::activate (std::shared_ptr<PeerImp> const& peer)
        "activated " << peer->getRemoteAddress() <<
        " (" << peer->id() <<
        ":" << toBase58 (
-            TokenType::TOKEN_NODE_PUBLIC,
+            TokenType::NodePublic,
            peer->getNodePublic()) << ")";

    // We just accepted this peer so we have non-zero active peers