[R4R] security patch from go-ethereum #63
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Bit boundary fix for the DAG generation routine * Fix unnecessary conversion warnings Co-authored-by: Sergey Pavlov <spavlov@gmail.com>
…1601) * tried to fix * fix for js api * fix for nil pointer ex * rev space * rev space * input call formatter
* accounts/abi: fix a bug in getTypeSize method e.g. for "Tuple[2]" type, the element of the array is a tuple type and the size of the tuple may not be 32. * accounts/abi: add unit test of getTypeSize method
The database panicked for invalid IPs. This is usually no problem because all code paths leading to node DB access verify the IP, but it's dangerous because improper validation can turn this panic into a DoS vulnerability. The quick fix here is to just turn database accesses using invalid IP into a noop. This isn't great, but I'm planning to remove the node DB for discv5 long-term, so it should be fine to have this quick fix for half a year. Fixes #21849
This fixes a deadlock that could occur when a response packet arrived after a call had already received enough responses and was about to signal completion to the dispatch loop. Co-authored-by: Felix Lange <fjl@twurst.com>
yutianwu
approved these changes
Jan 11, 2021
abelliumnt
approved these changes
Jan 11, 2021
3 tasks
pythonberg1997
pushed a commit
to pythonberg1997/bsc
that referenced
this pull request
Mar 29, 2023
…otes fix mini bug for markVotes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
BSC001: Integer Overflow when generating ethash dataset
It is fixed on go-ethereum: ethereum/go-ethereum#21793
BSC002: AES GCM return value improper validation possibly leading to Denial of Service
It is fixed on go-ethereum: ethereum/go-ethereum#21379
BSC003: Off-by-one error in queuing a batch of transactions
It is fixed on go-ethereum: ethereum/go-ethereum#21683
BSC004: DoEstimateGas improper validation possibly leading to Denial of Service
It is fixed on go-ethereum: ethereum/go-ethereum#21601
BSC005: Missing validation after unmarshalling RPC JSON message
It is fixed on go-ethereum: ethereum/go-ethereum#21497
BSC006: Type Confusion when handling a dynamic type variable
It is fixed on go-ethereum: ethereum/go-ethereum#21501
BSC011: Denial of Service due to improper validation on network addresses
It is fixed in go-ethereum: ethereum/go-ethereum#21981
BSC012: Deadlock by race possibly leading to resource exhaust
It is fixed in go-ethereum: ethereum/go-ethereum#21858
Rationale
tell us why we need these changes...
Example
add an example CLI or API response...
Changes
Notable changes:
Preflight checks
make build)make test)Already reviewed by
...
Related issues
... reference related issue #'s here ...