common: NewBitArray never crashes on negatives (#170)

Fixes #169 Fixes https://github.com/tendermint/tendermint/issues/1322 The previous code was very trusting assuming that rational actors will use this code. However, Byzantine actors don't care and in the case of the linked issue negative lengths can be sent to this code unfettered having been received from a peer. This code is essentially just a sign change from `==` to `<=` and we've gutted out that attack by being more defensive.
2025-06-18 15:41:20 +00:00 · 2018-03-18 04:17:11 -07:00
parent b0e0dc5de3
commit b1c9b82531
2 changed files with 8 additions and 1 deletions
--- a/common/bit_array.go
+++ b/common/bit_array.go
@ -15,7 +15,7 @@ type BitArray struct {

 // There is no BitArray whose Size is 0.  Use nil instead.
 func NewBitArray(bits int) *BitArray {
-	if bits == 0 {
+	if bits <= 0 {
 		return nil
 	}
 	return &BitArray{