New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SEC-29 Go zero values for missing struct fields in RLP decoding causes caller to panic #506
Comments
The RLP decoder is working as intended in this case. If an input list contains less than the reqired number of elements, the remaining struct fields are set to their zero value. This is documented. The eth protocol layer should reject messages if the content is not valid. Not valid includes "has fields that are |
correct. I'll fix this |
@zelig will take care of adding more validation to the eth protocol. We have also discussed changing the decoder so it can never produce nil pointers unless they are actually wanted. This would be a bigger change. |
…ters swarm/storage: counters for errors and bytes for LazyChunkReader
[R4R] Release v1.1.4
…ice (ethereum#506) internal/cli/server: update default cli values Co-authored-by: SHIVAM SHARMA <shivam691999@gmail.com>
https://github.com/ethereum/go-ethereum/blob/develop/rlp/decode.go#L343
If a field of a struct does not have a value in the decoded data, the decoder will set the field to the Go zero value for that field's type.
If it's a pointer, it's set to nil, which will cause a nil pointer deference later on.
This can be triggered remotely by sending an empty array as payload in a NewBlockMsg.
EDIT: As explained by @fjl the fix should be in the code calling the RLP decoder and not in the RLP decoder itself.
The text was updated successfully, but these errors were encountered: