HomeSource World

p2p/enode: avoid crashing for invalid IP (#21981)

Description

p2p/enode: avoid crashing for invalid IP (#21981)

The database panicked for invalid IPs. This is usually no problem
because all code paths leading to node DB access verify the IP, but it's
dangerous because improper validation can turn this panic into a DoS
vulnerability. The quick fix here is to just turn database accesses
using invalid IP into a noop. This isn't great, but I'm planning to
remove the node DB for discv5 long-term, so it should be fine to have
this quick fix for half a year.

Fixes #21849

Details

Provenance
Felix Lange <fjl@twurst.com>Authored on Dec 9 2020, 7:21 PM
GitHub <noreply@github.com>Committed on Dec 9 2020, 7:21 PM
Parents
rGETHf935b1d5426b: crypto/signify, build: fix archive signing with signify (#21977)
Branches
Unknown
Tags
Unknown

Event Timeline

GitHub <noreply@github.com> committed rGETH817a3fb5622c: p2p/enode: avoid crashing for invalid IP (#21981) (authored by Felix Lange <fjl@twurst.com>).Dec 9 2020, 7:21 PM