RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message

in #utopian-io, 6 years ago

I thought that custom_json ops didn't use the C++ variant type, but just a JSON string. There is a bug in the JSON parser, but not an exploitable one in the way it is used. But I haven't looked at that in detail; it would certainly be good to understand what sort of things somebody could insert using a custom_json operation.

You're right about the custom_json not using the varint type; this is indeed just a string. The witness_set_properties.props field might be a candidate, though? Looking forward to more fuzzing results from you :)