feat(net): verify columns' length of HelloMessage #5667
Conversation
317787106
changed the title
| @@ -169,6 +170,22 @@ public boolean valid() { | |||
| return false; | |||
| } | |||
|
|
|||
| int maxByteSize = 200; | |||
There was a problem hiding this comment.
Is a maximum byte size of 200 too large? Can it be set smaller?
There was a problem hiding this comment.
The target of method valid is to make sure that log's content is not too large, so the value of maxByteSize is not very important. The length of address may be 42 bytes or more (not certain), sig is 65, codeVersion may not stable(20 bytes?). Can you give a suggestion?
There was a problem hiding this comment.
Just take the maximum of the three values, for example 65.
There was a problem hiding this comment.
In fact, I don't test the true length of address ang sig, because i have no fastforword node to use. Only give a theoretical value. Give an upper value can be ok, but give an exact value is not necessary, because method checkHelloMessage will verify the address and sig again. The main purpose is to not record too many message in log file.
| if (!codeVersion.isEmpty() && codeVersion.toByteArray().length > maxByteSize) { | ||
| return false; | ||
| } | ||
|
|
There was a problem hiding this comment.
The length judgment of address and version can be more specific.
It is recommended to consider multi-signature within 3 keys, If there are 3 multi-signatures, will the length exceed 200?
There was a problem hiding this comment.
this signature only come from SR's sig of timestamp in RelayService. it's 65 stablely, not related to multi-signature. You can read the code:
String sig =
TransactionCapsule.getBase64FromByteString(msg.getSignature());
byte[] sigAddress = SignUtils.signatureToAddress(hash.getBytes(), sig,
Args.getInstance().isECKeyCryptoEngine());
jwrct
changed the title
What does this PR do?
Why are these changes required?
This PR has been tested by:
Follow up
Extra details