Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container's getContainerSize API can be misused #321

Closed
roman-khimov opened this issue Feb 6, 2023 · 0 comments
Closed

Container's getContainerSize API can be misused #321

roman-khimov opened this issue Feb 6, 2023 · 0 comments
Labels
bug Something isn't working container Container contract related issue U3 Regular
Milestone
v0.17.0

Comments

@roman-khimov
Copy link
Member

It doesn't check the input and can iterate over any storage prefix that is longer than containerIDSize. It's easy to pass a container ID there and get something completely different from containerSizes. Also given the way we have things structured now it could as well have some (epoch int, cid []byte) parameters (we need to keep old API now for some time, but a new better one can be added).
@roman-khimov roman-khimov added bug Something isn't working container Container contract related issue labels Feb 6, 2023
@roman-khimov roman-khimov added this to the v0.17.0 milestone Feb 6, 2023
@alexchetaev alexchetaev added the U3 Regular label Feb 6, 2023
roman-khimov added a commit that referenced this issue Mar 22, 2023
@roman-khimov
container: check id length in the getContainerSize, fix #321
65a8999 
Unfortunately, we can't check for more. Epoch number is serialized in a way
that is dynamic in size.

Signed-off-by: Roman Khimov <roman@nspcc.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working container Container contract related issue U3 Regular
Projects
None yet
Milestone
v0.17.0
Development

No branches or pull requests
2 participants
@roman-khimov @alexchetaev