From ce7daaa02a43f0e9c740a1b55fffb6e656c770c9 Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Thu, 14 Jan 2021 10:32:35 -0500
Subject: [PATCH] Router: Limit max addresses in RI
---
router/java/src/net/i2p/data/router/RouterInfo.java | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/router/java/src/net/i2p/data/router/RouterInfo.java b/router/java/src/net/i2p/data/router/RouterInfo.java
index bf6691bf4f..ba556a7271 100644
--- a/router/java/src/net/i2p/data/router/RouterInfo.java
+++ b/router/java/src/net/i2p/data/router/RouterInfo.java
@@ -85,6 +85,7 @@ public class RouterInfo extends DatabaseEntry {
public static final String PROP_NETWORK_ID = "netId";
public static final String PROP_CAPABILITIES = "caps";
public static final char CAPABILITY_HIDDEN = 'H';
+ private static final int MAX_ADDRESSES = 16;
/** Public string of chars which serve as bandwidth capacity markers
* NOTE: individual chars defined in Router.java
@@ -203,11 +204,14 @@ public class RouterInfo extends DatabaseEntry {
*
* @param addresses may be null
* @throws IllegalStateException if RouterInfo is already signed or addresses previously set
+ * @throws IllegalArgumentException if too many addresses
*/
public void setAddresses(Collection<RouterAddress> addresses) {
if (_signature != null || !_addresses.isEmpty())
throw new IllegalStateException();
if (addresses != null) {
+ if (addresses.size() > MAX_ADDRESSES)
+ throw new IllegalArgumentException("too many addresses");
_addresses.addAll(addresses);
}
}
@@ -575,6 +579,8 @@ public class RouterInfo extends DatabaseEntry {
_published = DataHelper.readLong(din, 8);
// EOF will be thrown in properties read below
int numAddresses = din.read();
+ if (numAddresses > MAX_ADDRESSES)
+ throw new DataFormatException("too many addresses");
for (int i = 0; i < numAddresses; i++) {
RouterAddress address = new RouterAddress();
address.readBytes(din);
--
GitLab