ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Limit STVar recursion during deserialization (RIPD-1603):

Browse Source 
Constructing deeply nested objects could allow an attacker to
cause a server to overflow its available stack.

We now enforce a 10-deep nesting limit, and signal an error
if we encounter objects that are nested deeper.

Acknowledgements:
Ripple thanks Guido Vranken for responsibly disclosing this
issues.

Bug Bounties and Responsible Disclosures:
We welcome reviews of the rippled codebase and urge reviewers
to responsibly disclose any issues that they may find. For
more on Ripple's Bug Bounty program, please visit
https://ripple.com/bug-bounty
This commit is contained in:
Howard Hinnant
2018-03-03 09:02:22 -05:00
committed by Nikolaos D. Bougalis
parent d5f981f5fc
commit 40dc6b1458
8 changed files with 1323 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/ripple/protocol/STArray.h
View File

@@ -53,7 +53,7 @@ public:
STArray (STArray&&);
STArray (STArray const&) = default;
STArray (SField const& f, int n);
STArray (SerialIter& sit, SField const& f);
STArray (SerialIter& sit, SField const& f, int depth = 0);
explicit STArray (int n);
explicit STArray (SField const& f);
STArray& operator= (STArray const&) = default;