From ee66476d62d58f40d84f8b56e10f8efb126bd281 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 11 Dec 2017 19:48:57 -0600 Subject: [PATCH] set max msg size otherwise, it is easy to get OutOfMemory panic (somebody can even expoit this) --- consensus/wal.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/consensus/wal.go b/consensus/wal.go index f6be2f135..6532a1a44 100644 --- a/consensus/wal.go +++ b/consensus/wal.go @@ -17,6 +17,10 @@ import ( cmn "github.com/tendermint/tmlibs/common" ) +const ( + maxMsgSizeBytes = 10024 // 10MB +) + //-------------------------------------------------------- // types and functions for savings consensus messages @@ -272,6 +276,10 @@ func (dec *WALDecoder) Decode() (*TimedWALMessage, error) { } length := binary.BigEndian.Uint32(b) + if length > maxMsgSizeBytes { + return nil, DataCorruptionError{fmt.Errorf("length %d exceeded maximum possible value %d", length, maxMsgSizeBytes)} + } + data := make([]byte, length) n, err = dec.rd.Read(data) if err == io.EOF {