forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-06-19 21:31:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

impose size limit for DecodeBytesExtraFields (#1637)

Browse source
This commit is contained in:
Wanwiset Peerapatanapokin 2025-10-16 12:16:14 +04:00 committed by GitHub
parent 53f6a8d6d9
commit e0c987f45a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
consensus/XDPoS/utils/utils.go
View file

@ -81,6 +81,11 @@ func DecodeBytesExtraFields(b []byte, val interface{}) error {
if len(b) == 0 {
return errors.New("extra field is 0 length")
}
// Prevent payload attack, limit the size of extra field to 20k bytes. Normal Extrafield payload is less than 7k bytes.
if len(b) > 20000 {
return errors.New("extra field is too long")
}
switch b[0] {
case 2:
return rlp.DecodeBytes(b[1:], val)