RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
I thought that custom_json ops didn't use the C++ variant type, but just a JSON string. There is a bug in the JSON parser, but not an exploitable one in the way it is used. But I haven't looked at that in detail; it would certainly be good to understand what sort of things somebody could insert using a custom_json operation.
You're right about the custom_json not using the varint type, this is indeed just a string. The witness_set_properties.props field might be a candidate, though? Looking forward to more fuzzing results from you :)