ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-11-22 03:25:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Detect malformed data earlier during deserialization (RIPD-1695):

Browse Source 
When deserializing specially crafted data, the code would ignore certain
types of errors. Reserializing objects created from such data results in
failures or generates a different serialization, which is not ideal.

Also addresses: RIPD-1677, RIPD-1682, RIPD-1686 and RIPD-1689.

Acknowledgements:
Ripple thanks Guido Vranken for responsibly disclosing these issues.

Bug Bounties and Responsible Disclosures:
We welcome reviews of the rippled code and urge researchers to responsibly
disclose any issues that they may find. For more on Ripple's Bug Bounty
program, please visit: https://ripple.com/bug-bounty
This commit is contained in:
Nik Bougalis
2018-11-12 06:23:12 -08:00
parent 2151110976
commit ea76103d5f
5 changed files with 172 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/ripple/protocol/impl/STTx.cpp
View File

@@ -71,7 +71,9 @@ STTx::STTx (SerialIter& sit) noexcept (false)
if ((length < txMinSizeBytes) || (length > txMaxSizeBytes))
Throw<std::runtime_error> ("Transaction length invalid");
set (sit);
if (set (sit))
Throw<std::runtime_error> ("Transaction contains an object terminator");
tx_type_ = static_cast<TxType> (getFieldU16 (sfTransactionType));
applyTemplate (getTxFormat (tx_type_)->elements); // May throw