Skip to content

Reject oversized tx_hash lists in construct_block_blob to mitigate DoS#30

Merged
MoneroOcean merged 2 commits into
masterfrom
codex/fix-unbounded-stack-allocation-in-construct_block_blob
May 29, 2026
Merged

Reject oversized tx_hash lists in construct_block_blob to mitigate DoS#30
MoneroOcean merged 2 commits into
masterfrom
codex/fix-unbounded-stack-allocation-in-construct_block_blob

Conversation

@MoneroOcean
Copy link
Copy Markdown
Owner

@MoneroOcean MoneroOcean commented May 29, 2026

Motivation

  • Prevent a remote daemon from triggering unbounded stack allocation in the merkle tree_hash path by rejecting overly large merged-mining templates before construct_parent_block is invoked.

Description

  • Add a conservative hard limit MAX_TX_HASHES_FOR_PARENT_BLOCK = 16384 to limit how many tx_hashes are accepted for BLOB_TYPE_FORKNOTE2.
  • Validate b.tx_hashes.size() in construct_block_blob and return an error if the template exceeds the limit, avoiding the downstream call chain that leads to stack alloca in tree_hash.

Testing

  • Ran the package test command npm test, which failed in this environment due to a network/registry 403 Forbidden error when fetching dependencies (specifically bech32), so automated tests could not complete.

Codex Task

@MoneroOcean MoneroOcean merged commit 2f4f068 into master May 29, 2026
3 checks passed
@MoneroOcean MoneroOcean deleted the codex/fix-unbounded-stack-allocation-in-construct_block_blob branch May 29, 2026 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

aardvark codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MoneroOcean