Check ListValidatorBalances response length (#7583)

* Check length * Add regression test Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
prysmaticlabs · Oct 20, 2020 · 544dac2 · 544dac2
1 parent 78ca8c9
commit 544dac2
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/beacon-chain/rpc/beacon/validators.go b/beacon-chain/rpc/beacon/validators.go
@@ -162,6 +162,10 @@ func (bs *Server) ListValidatorBalances(
 		}, nil
 	}
 
+	if end > len(res) || end < start {
+		return nil, status.Error(codes.OutOfRange, "Request exceeds response length")
+	}
+
 	return &ethpb.ValidatorBalances{
 		Epoch:         requestedEpoch,
 		Balances:      res[start:end],

diff --git a/beacon-chain/rpc/beacon/validators_test.go b/beacon-chain/rpc/beacon/validators_test.go
@@ -372,6 +372,33 @@ func TestServer_ListValidatorBalances_Pagination_CustomPageSizes(t *testing.T) {
 	}
 }
 
+func TestServer_ListValidatorBalances_ResponseOutOfBound(t *testing.T) {
+	db, sc := dbTest.SetupDB(t)
+	ctx := context.Background()
+
+	count := 10
+	setupValidators(t, db, count)
+	headState, err := db.HeadState(context.Background())
+	require.NoError(t, err)
+	b := testutil.NewBeaconBlock()
+	gRoot, err := b.Block.HashTreeRoot()
+	require.NoError(t, err)
+	require.NoError(t, db.SaveGenesisBlockRoot(ctx, gRoot))
+	require.NoError(t, db.SaveState(ctx, headState, gRoot))
+
+	bs := &Server{
+		GenesisTimeFetcher: &mock.ChainService{},
+		StateGen:           stategen.New(db, sc),
+		HeadFetcher: &mock.ChainService{
+			State: headState,
+		},
+	}
+
+	req := &ethpb.ListValidatorBalancesRequest{PageSize: 250, QueryFilter: &ethpb.ListValidatorBalancesRequest_Epoch{Epoch: 0}, PublicKeys: [][]byte{{'a'}}}
+	_, err = bs.ListValidatorBalances(context.Background(), req)
+	require.ErrorContains(t, "Request exceeds response length", err)
+}
+
 func TestServer_ListValidatorBalances_OutOfRange(t *testing.T) {
 	db, sc := dbTest.SetupDB(t)