New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit input length for decode
command
#982
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The alternative approach would have been to do the bytes length check just once directly in decode.rs
after the decoding is complete. This way is also okay, with adding it to each of the called methods, although as mentioned decode_contract_event
is used in one other place so we need to check whether that still works.
@@ -347,6 +353,24 @@ impl ContractMessageTranscoder { | |||
Ok(Value::Unit) | |||
} | |||
} | |||
|
|||
/// Checks if buffer empty, otherwise returns am error | |||
fn validate_length(data: &[u8], label: &str, args: &[(Value, Value)]) -> Result<()> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extracted check to a separate function instead of moving it to a higher layer because each decode function returns a generic anyhow
error. We would need to return a custom error and map all anyhow
errors inside each decode
function to a specific error. We will also need to handle the error on the higher decode
function. Additionally, events and messages/constructors have different structs that are used to extract label
. That will also unnecessary overcomplicate error handling.
Therefore, it is better that all validation happens on the lower level at each decode
function independently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Since @HCastano had also reviewed this, would also have been nice to ask for his approval too. |
Closes #980
The hex bytes are consumed for decoding values of arguments on demand. If there is not enough data to fill the buffer, the error is already thrown. Previously, spare bytes were just ignored. Since this PR, an error will be thrown if input buffer contains spare bytes.
Here is the small demo demonstrating that extra bytes in buffer do not affect decoding of value.