Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wire: remove erroneous witness size check in wire parsing #1896

Merged
merged 1 commit into from Oct 10, 2022
Merged

wire: remove erroneous witness size check in wire parsing #1896

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion blockchain/weight.go
View file
Open in desktop
Expand Up @@ -7,9 +7,9 @@ package blockchain
import (
"fmt"

"github.com/btcsuite/btcd/btcutil"
"github.com/btcsuite/btcd/txscript"
"github.com/btcsuite/btcd/wire"
"github.com/btcsuite/btcd/btcutil"
)

const (
Expand Down
30 changes: 16 additions & 14 deletions wire/msgtx.go
View file
Open in desktop
Expand Up @@ -103,27 +103,28 @@ const (
maxWitnessItemsPerInput = 500000

// maxWitnessItemSize is the maximum allowed size for an item within
// an input's witness data. This number is derived from the fact that
// for script validation, each pushed item onto the stack must be less
// than 10k bytes.
maxWitnessItemSize = 11000
// an input's witness data. This value is bounded by the largest
// possible block size, post segwit v1 (taproot).
maxWitnessItemSize = 4_000_000
Roasbeef marked this conversation as resolved.
Show resolved Hide resolved
)

// TxFlagMarker is the first byte of the FLAG field in a bitcoin tx
// message. It allows decoders to distinguish a regular serialized
// transaction from one that would require a different parsing logic.
//
// Position of FLAG in a bitcoin tx message:
// ┌─────────┬────────────────────┬─────────────┬─────┐
// │ VERSION │ FLAG │ TX-IN-COUNT │ ... │
// │ 4 bytes │ 2 bytes (optional) │ varint │ │
// └─────────┴────────────────────┴─────────────┴─────┘
//
// ┌─────────┬────────────────────┬─────────────┬─────┐
// │ VERSION │ FLAG │ TX-IN-COUNT │ ... │
// │ 4 bytes │ 2 bytes (optional) │ varint │ │
// └─────────┴────────────────────┴─────────────┴─────┘
//
// Zooming into the FLAG field:
// ┌── FLAG ─────────────┬────────┐
// │ TxFlagMarker (0x00) │ TxFlag │
// │ 1 byte │ 1 byte │
// └─────────────────────┴────────┘
//
// ┌── FLAG ─────────────┬────────┐
// │ TxFlagMarker (0x00) │ TxFlag │
// │ 1 byte │ 1 byte │
// └─────────────────────┴────────┘
const TxFlagMarker = 0x00

// TxFlag is the second byte of the FLAG field in a bitcoin tx message.
Expand Down Expand Up @@ -586,8 +587,9 @@ func (msg *MsgTx) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error
// item itself.
txin.Witness = make([][]byte, witCount)
for j := uint64(0); j < witCount; j++ {
txin.Witness[j], err = readScript(r, pver,
maxWitnessItemSize, "script witness item")
txin.Witness[j], err = readScript(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering why we do not enforce the different size limits for the different segwit version here ? For v_0 we stay with 11kb and for v_1 4MB ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So that check is deeper in the consensus validation logic, this is a wire level DDoS defense limit/value.

r, pver, maxWitnessItemSize, "script witness item",
)
if err != nil {
returnScriptBuffers()
return err
Expand Down