From ce7daaa02a43f0e9c740a1b55fffb6e656c770c9 Mon Sep 17 00:00:00 2001 From: zzz <zzz@i2pmail.org> Date: Thu, 14 Jan 2021 10:32:35 -0500 Subject: [PATCH] Router: Limit max addresses in RI --- router/java/src/net/i2p/data/router/RouterInfo.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/router/java/src/net/i2p/data/router/RouterInfo.java b/router/java/src/net/i2p/data/router/RouterInfo.java index bf6691bf4f..ba556a7271 100644 --- a/router/java/src/net/i2p/data/router/RouterInfo.java +++ b/router/java/src/net/i2p/data/router/RouterInfo.java @@ -85,6 +85,7 @@ public class RouterInfo extends DatabaseEntry { public static final String PROP_NETWORK_ID = "netId"; public static final String PROP_CAPABILITIES = "caps"; public static final char CAPABILITY_HIDDEN = 'H'; + private static final int MAX_ADDRESSES = 16; /** Public string of chars which serve as bandwidth capacity markers * NOTE: individual chars defined in Router.java @@ -203,11 +204,14 @@ public class RouterInfo extends DatabaseEntry { * * @param addresses may be null * @throws IllegalStateException if RouterInfo is already signed or addresses previously set + * @throws IllegalArgumentException if too many addresses */ public void setAddresses(Collection<RouterAddress> addresses) { if (_signature != null || !_addresses.isEmpty()) throw new IllegalStateException(); if (addresses != null) { + if (addresses.size() > MAX_ADDRESSES) + throw new IllegalArgumentException("too many addresses"); _addresses.addAll(addresses); } } @@ -575,6 +579,8 @@ public class RouterInfo extends DatabaseEntry { _published = DataHelper.readLong(din, 8); // EOF will be thrown in properties read below int numAddresses = din.read(); + if (numAddresses > MAX_ADDRESSES) + throw new DataFormatException("too many addresses"); for (int i = 0; i < numAddresses; i++) { RouterAddress address = new RouterAddress(); address.readBytes(din); -- GitLab