cs: limit max bit array size and block parts count

consensus/reactor.go

@@ -1458,6 +1458,9 @@ func (m *NewValidBlockMessage) ValidateBasic() error {
 			m.BlockParts.Size(),
 			m.BlockPartsHeader.Total)
 	}
+	if m.BlockParts.Size() > types.MaxBlockPartsCount {
+		return errors.Errorf("BlockParts bit array is too big: %d, max: %d", m.BlockParts.Size(), types.MaxBlockPartsCount)
+	}
 	return nil
 }
 
@@ -1504,6 +1507,9 @@ func (m *ProposalPOLMessage) ValidateBasic() error {
 	if m.ProposalPOL.Size() == 0 {
 		return errors.New("Empty ProposalPOL bit array")
 	}
+	if m.ProposalPOL.Size() > types.MaxVotesCount {
+		return errors.Errorf("ProposalPOL bit array is too big: %d, max: %d", m.ProposalPOL.Size(), types.MaxVotesCount)
+	}
 	return nil
 }
 
@@ -1647,6 +1653,9 @@ func (m *VoteSetBitsMessage) ValidateBasic() error {
 		return fmt.Errorf("Wrong BlockID: %v", err)
 	}
 	// NOTE: Votes.Size() can be zero if the node does not have any
+	if m.Votes.Size() > types.MaxVotesCount {
+		return fmt.Errorf("Votes bit array is too big: %d, max: %d", m.Votes.Size(), types.MaxVotesCount)
+	}
 	return nil
 }
 

types/params.go

@@ -14,6 +14,9 @@ const (
 
 	// BlockPartSizeBytes is the size of one block part.
 	BlockPartSizeBytes = 65536 // 64kB
+
+	// MaxBlockPartsCount is the maximum count of block parts.
+	MaxBlockPartsCount = MaxBlockSizeBytes / BlockPartSizeBytes
 )
 
 // ConsensusParams contains consensus critical parameters that determine the

types/vote_set.go

@@ -11,6 +11,12 @@ import (
 	cmn "github.com/tendermint/tendermint/libs/common"
 )
 
+const (
+	// MaxVotesCount is the maximum votes count. Used in ValidateBasic funcs for
+	// protection against DOS attacks.
+	MaxVotesCount = 10000
+)
+
 // UNSTABLE
 // XXX: duplicate of p2p.ID to avoid dependence between packages.
 // Perhaps we can have a minimal types package containing this (and other things?)