doc: net: mention past vulnerability as rationale to limit incoming message size

darosior · darosior · commit ad616b6c013e · 2025-02-12T15:10:28.000-05:00
diff --git a/src/net.cpp b/src/net.cpp
@@ -761,6 +761,8 @@ int V1Transport::readHeader(Span<const uint8_t> msg_bytes)
     }
 
     // reject messages larger than MAX_SIZE or MAX_PROTOCOL_MESSAGE_LENGTH
+    // NOTE: failing to perform this check previously allowed a malicious peer to make us allocate 32MiB of memory per
+    // connection. See https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom.
     if (hdr.nMessageSize > MAX_SIZE || hdr.nMessageSize > MAX_PROTOCOL_MESSAGE_LENGTH) {
         LogDebug(BCLog::NET, "Header error: Size too large (%s, %u bytes), peer=%d\n", SanitizeString(hdr.GetMessageType()), hdr.nMessageSize, m_node_id);
         return -1;

Original file line number	Diff line number	Diff line change
`@@ -761,6 +761,8 @@ int V1Transport::readHeader(Span<const uint8_t> msg_bytes)`
`761`	`761`	`}`
`762`	`762`
`763`	`763`	`// reject messages larger than MAX_SIZE or MAX_PROTOCOL_MESSAGE_LENGTH`
	`764`	`+ // NOTE: failing to perform this check previously allowed a malicious peer to make us allocate 32MiB of memory per`
	`765`	`+ // connection. See https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom.`
`764`	`766`	`if (hdr.nMessageSize > MAX_SIZE \|\| hdr.nMessageSize > MAX_PROTOCOL_MESSAGE_LENGTH) {`
`765`	`767`	`LogDebug(BCLog::NET, "Header error: Size too large (%s, %u bytes), peer=%d\n", SanitizeString(hdr.GetMessageType()), hdr.nMessageSize, m_node_id);`
`766`	`768`	`return -1;`