From 473a0420eab9fc4ababd349ad79c2721ba92ee5b Mon Sep 17 00:00:00 2001
From: teor <teor@riseup.net>
Date: Fri, 19 Mar 2021 17:19:37 +1000
Subject: [PATCH] Stop untrusted preallocation during script deserialization

This is an easy memory denial of service attack.
---
 zebra-chain/src/transparent/script.rs | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/zebra-chain/src/transparent/script.rs b/zebra-chain/src/transparent/script.rs
index d99914acd98..75d78484932 100644
--- a/zebra-chain/src/transparent/script.rs
+++ b/zebra-chain/src/transparent/script.rs
@@ -1,11 +1,10 @@
+//! Bitcoin script for Zebra
+
 #![allow(clippy::unit_arg)]
-use crate::serialization::{
-    ReadZcashExt, SerializationError, WriteZcashExt, ZcashDeserialize, ZcashSerialize,
-};
-use std::{
-    fmt,
-    io::{self, Read},
-};
+
+use crate::serialization::{SerializationError, WriteZcashExt, ZcashDeserialize, ZcashSerialize};
+
+use std::{fmt, io};
 
 /// An encoding of a Bitcoin script.
 #[derive(Clone, Eq, PartialEq, Serialize, Deserialize, Hash)]
@@ -32,12 +31,8 @@ impl ZcashSerialize for Script {
 }
 
 impl ZcashDeserialize for Script {
-    fn zcash_deserialize<R: io::Read>(mut reader: R) -> Result<Self, SerializationError> {
-        // XXX what is the max length of a script?
-        let len = reader.read_compactsize()?;
-        let mut bytes = Vec::new();
-        reader.take(len).read_to_end(&mut bytes)?;
-        Ok(Script(bytes))
+    fn zcash_deserialize<R: io::Read>(reader: R) -> Result<Self, SerializationError> {
+        Ok(Script(Vec::zcash_deserialize(reader)?))
     }
 }