fix(primitives): limit legacy class sizes #459

Merged
merged 1 commit into from
Jan 20, 2025

cchudant
Member

@cchudant cchudant commented Jan 9, 2025

Pull Request type

  • Bugfix

What is the current behavior?

Sending a legacy (cairo0) class with a zip-bomb in it could potentially DoS and OOM the node.

What is the new behavior?

Uncompressed size is now limited

Does this introduce a breaking change?

No

@Trantorian1 Trantorian1 added bug Report an issue or unexpected behavior node Related to the full node implementation labels Jan 10, 2025
}
}

let max = u64::min(buf.len() as u64, self.limit) as usize;
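
Review bot: on the `let max = ...` line, the clamp only bounds a single `read` call, and the lines that update `self.limit` afterwards are not visible in this excerpt. Please confirm the limit is reduced by the number of bytes the inner reader actually returned rather than by `max`, and that reaching a limit of zero is reported as an error rather than as end-of-file, since an end-of-file there would accept a truncated class. A one-line comment that the `as usize` cast cannot truncate, because the value is at most `buf.len()`, would also help.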
Collaborator

The use of `max` along with the `min` function is a bit confusing here. I get what this does but maybe a name `to_take` would be clearer?

Member Author

I stole that code from the standard library, but I agree with you

@antiyro antiyro merged commit 7b8d768 into main Jan 20, 2025
10 checks passed