Detect malformed data earlier during deserialization (RIPD-1695):

When deserializing specially crafted data, the code would ignore certain types of errors. Reserializing objects created from such data results in failures or generates a different serialization, which is not ideal. Also addresses: RIPD-1677, RIPD-1682, RIPD-1686 and RIPD-1689. Acknowledgements: Ripple thanks Guido Vranken for responsibly disclosing these issues. Bug Bounties and Responsible Disclosures: We welcome reviews of the rippled code and urge researchers to responsibly disclose any issues that they may find. For more on Ripple's Bug Bounty program, please visit: https://ripple.com/bug-bounty
2025-12-06 17:27:52 +00:00 · 2018-11-12 06:23:12 -08:00
parent 2151110976
commit ea76103d5f
5 changed files with 172 additions and 82 deletions
--- a/src/ripple/protocol/STObject.h
+++ b/src/ripple/protocol/STObject.h
@@ -538,16 +538,6 @@ private:
    getSortedFields (
        STObject const& objToSort, WhichFields whichFields);

-    // Two different ways to compare STObjects.
-    //
-    // This one works only if the SOTemplates are the same.  Presumably it
-    // runs faster since there's no sorting.
-    static bool equivalentSTObjectSameTemplate (
-        STObject const& obj1, STObject const& obj2);
-
-    // This way of comparing STObjects always works, but is slower.
-    static bool equivalentSTObject (STObject const& obj1, STObject const& obj2);
-
    // Implementation for getting (most) fields that return by value.
    //
    // The remove_cv and remove_reference are necessitated by the STBitString