Add memory DoS prevention comments

2021-03-22 07:58:47 +10:00 · 2021-03-22 07:58:47 +10:00 · b623acc945
parent 35fc683868
commit b623acc945
2 changed files with 2 additions and 0 deletions
--- a/zebra-chain/src/transparent/serialize.rs
+++ b/zebra-chain/src/transparent/serialize.rs
@ -196,6 +196,7 @@ impl ZcashDeserialize for Input {
            if len > 100 {
                return Err(SerializationError::Parse("coinbase has too much data"));
            }
+            // Memory Denial of Service: this length has just been checked
            let mut data = vec![0; len as usize];
            reader.read_exact(&mut data[..])?;
            let (height, data) = parse_coinbase_height(data)?;
--- a/zebra-network/src/protocol/external/codec.rs
+++ b/zebra-network/src/protocol/external/codec.rs
@ -615,6 +615,7 @@ impl Codec {

        let filter_length: usize = min(body_len, MAX_FILTERADD_LENGTH);

+        // Memory Denial of Service: this length has just been bounded
        let mut filter_bytes = vec![0; filter_length];
        reader.read_exact(&mut filter_bytes)?;