[freenet-cvs] r17464 - trunk/freenet/src/freenet/support

robert at freenetproject.org robert at freenetproject.org
Fri Feb 1 19:25:56 UTC 2008


Author: robert
Date: 2008-02-01 19:25:56 +0000 (Fri, 01 Feb 2008)
New Revision: 17464

Modified:
   trunk/freenet/src/freenet/support/BitArray.java
   trunk/freenet/src/freenet/support/Serializer.java
Log:
prevent arbitrary sizes when allocating BitArrays read from the wire


Modified: trunk/freenet/src/freenet/support/BitArray.java
===================================================================
--- trunk/freenet/src/freenet/support/BitArray.java	2008-02-01 19:23:44 UTC (rev 17463)
+++ trunk/freenet/src/freenet/support/BitArray.java	2008-02-01 19:25:56 UTC (rev 17464)
@@ -30,11 +30,22 @@
 	private final int _size;
 	private final byte[] _bits;
 
+	/**
+	 * This constructor does not check for unacceptable sizes, and should only be used on trusted data.
+	 */
 	public BitArray(DataInputStream dis) throws IOException {
 		_size = dis.readInt();
 		_bits = new byte[(_size / 8) + (_size % 8 == 0 ? 0 : 1)];
 		dis.readFully(_bits);
 	}
+	
+	public BitArray(DataInputStream dis, int maxSize) throws IOException {
+		_size = dis.readInt();
+		if (_size<=0 || _size>maxSize)
+			throw new IOException("Unacceptable bitarray size: "+_size);
+		_bits = new byte[(_size / 8) + (_size % 8 == 0 ? 0 : 1)];
+		dis.readFully(_bits);
+	}
 
 	public BitArray(int size) {
 		_size = size;
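Review bot: The new bounded constructor carries no Javadoc, while the trusted constructor just above it gained one; document that `maxSize` is an inclusive upper bound in bits and that an IOException is thrown for a size outside 1..maxSize, e.g. `/** Reads a BitArray from untrusted input, rejecting sizes outside 1..maxSize (bits) with an IOException. */`. Note also that `_size<=0` rejects a zero-length array, which the unchecked constructor and `BitArray(int size)` appear to accept; if an empty BitArray can legitimately appear on the wire this is a behaviour change, and the guard should read `if (_size < 0 || _size > maxSize)`. The rejection itself is the right fix: a negative or huge `_size` previously reached `new byte[...]` unguarded. The class continues outside the hunk.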

Modified: trunk/freenet/src/freenet/support/Serializer.java
===================================================================
--- trunk/freenet/src/freenet/support/Serializer.java	2008-02-01 19:23:44 UTC (rev 17463)
+++ trunk/freenet/src/freenet/support/Serializer.java	2008-02-01 19:25:56 UTC (rev 17464)
@@ -42,6 +42,7 @@
 public class Serializer {
 
     public static final String VERSION = "$Id: Serializer.java,v 1.5 2005/09/15 18:16:04 amphibian Exp $";
+	public static final int MAX_BITARRAY_SIZE = 128;
 
 	public static List readListFromDataInputStream(Class elementType, DataInputStream dis) throws IOException {
 		LinkedList ret = new LinkedList();
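Review bot: `MAX_BITARRAY_SIZE = 128` is a bare magic number; a comment should state the unit (bits, since BitArray sizes are bit counts per the `_size / 8` rounding in BitArray.java) and why 128 is sufficient for the wire formats this class reads, e.g. `/** Upper bound, in bits, on a BitArray read from untrusted input; larger sizes are rejected by the BitArray constructor with an IOException. */`. The new line is also indented with a tab while the neighbouring VERSION constant uses spaces; match the surrounding indentation. readListFromDataInputStream starts in this hunk and its body continues outside it.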
@@ -89,7 +90,7 @@
 		} else if (type.equals(Peer.class)) {
 			return new Peer(dis);
 		} else if (type.equals(BitArray.class)) {
-			return new BitArray(dis);
+			return new BitArray(dis, MAX_BITARRAY_SIZE);
 		} else if (type.equals(NodeCHK.class)) {
 			// Use Key.read(...) because write(...) writes the TYPE field.
 			return Key.read(dis);



