narcissus | 7 years ago

"This is why the buffer is smaller in bitcoin than in these scamcoins."

Are you saying that the buffer is smaller in Bitcoin because of that CVE issue? As in, the issue was discovered and the solution was to make the buffer smaller, instead of resolving the issue correctly?

Because reading that article seems to imply, at least, that core is affected by that issue, or am I reading that wrong? Or do you mean something like "lucky the buffer is smaller in core"? Saying that 'something is why something else' reads like that something else is what caused the something, and like I say, I find it hard to believe that the solution to that CVE was "forget fixing the actual problem, we'll just make the buffer smaller"...

nullc|7 years ago

The buffers in Bitcoin were specifically sized in response to known vulnerabilities long ago, some of which have been reintroduced by clones.

Appropriately sizing buffers is the correct fix in some cases... For example, when the vulnerability is that an attacker can make N connections and begin N max_size messages, causing the allocation of N*max_size RAM, a perfectly reasonable fix is making sure that the protocol guarantees that the maximum size of any single message is small enough that decoding N in parallel isn't an issue.
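
The sizing argument in the comment above, as an added example that is not part of the thread and not Bitcoin's code: a per-connection receiver that rejects a message on its declared length before buffering any payload, plus the N*max_size bound this gives. The length-prefix framing, the constants and all names are assumptions made for illustration.

```python
import struct

# Assumed values for illustration only; not Bitcoin's constants or wire format.
HEADER_LEN = 4                # hypothetical 4-byte little-endian length prefix
MAX_MESSAGE_SIZE = 4_000_000  # protocol-wide cap on a single message payload
MAX_CONNECTIONS = 125         # limit on simultaneous peers

def worst_case_bytes(n=MAX_CONNECTIONS, max_size=MAX_MESSAGE_SIZE):
    """N peers, each part-way through a max_size message: N * max_size."""
    return n * max_size

class OversizedMessage(Exception):
    """Declared payload length exceeds the protocol cap."""

class PeerReceiver:
    """Per-connection reassembly buffer; feed() takes bounded recv() chunks."""

    def __init__(self, max_size=MAX_MESSAGE_SIZE):
        self.max_size = max_size
        self.buf = bytearray()
        self.need = None  # payload length of the message in progress

    def feed(self, data):
        """Consume received bytes; return the payloads completed so far."""
        done = []
        self.buf += data
        while True:
            if self.need is None:
                if len(self.buf) < HEADER_LEN:
                    break
                (declared,) = struct.unpack_from("<I", self.buf)
                # Check the declared length before buffering any payload, so
                # a peer cannot make us hold more than max_size per message.
                if declared > self.max_size:
                    raise OversizedMessage(declared)
                self.need = declared
                del self.buf[:HEADER_LEN]
            if len(self.buf) < self.need:
                break
            done.append(bytes(self.buf[:self.need]))
            del self.buf[:self.need]
            self.need = None
        return done
```

With these assumed numbers the bound is 500 MB across all peers; if the 32-bit length field were accepted uncapped, the same 125 peers could declare about 537 GB between them.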

narcissus|7 years ago

That's fair... I was completely misunderstanding the problem.

So is it that core is not affected by that last CVE at all, or just not as much as the others?