Skip to content

Commit

Permalink
fix(dns): ensure branch children are valid hashes (#1069)
Browse files Browse the repository at this point in the history
  • Loading branch information
mattsse authored Jan 28, 2023
1 parent 072a6c5 commit e8d7c05
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 1 deletion.
2 changes: 2 additions & 0 deletions crates/net/dns/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ pub enum ParseDnsEntryError {
Base32DecodeError(String),
#[error("{0}")]
RlpDecodeError(String),
#[error("Invalid child hash in branch: {0}")]
InvalidChildHash(String),
#[error("{0}")]
Other(String),
}
Expand Down
33 changes: 32 additions & 1 deletion crates/net/dns/src/tree.rs
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,20 @@ impl BranchEntry {
///
/// Caution: This assumes the prefix is already removed.
fn parse_value(input: &str) -> ParseEntryResult<Self> {
let children = input.trim().split(',').map(str::to_string).collect();
fn ensure_valid_hash(hash: &str) -> ParseEntryResult<String> {
let decoded_len = BASE32_NOPAD.decode_len(hash.as_bytes().len()).map_err(|err| {
ParseDnsEntryError::Base32DecodeError(format!(
"invalid base32 child {hash} in branch: {err}"
))
})?;
if !(12..=32).contains(&decoded_len) || hash.chars().any(|c| c.is_whitespace()) {
return Err(ParseDnsEntryError::InvalidChildHash(hash.to_string()))
}
Ok(hash.to_string())
}

let children =
input.trim().split(',').map(ensure_valid_hash).collect::<ParseEntryResult<Vec<_>>>()?;
Ok(Self { children })
}
}
Expand Down Expand Up @@ -341,6 +354,24 @@ mod tests {
}
}

#[test]
fn parse_invalid_branch_entry() {
let s = "enrtree-branch:1,2";
let res = s.parse::<BranchEntry>();
assert!(res.is_err());
let s = "enrtree-branch:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
let res = s.parse::<BranchEntry>();
assert!(res.is_err());

let s = "enrtree-branch:,BBBBBBBBBBBBBBBBBBBB";
let res = s.parse::<BranchEntry>();
assert!(res.is_err());

let s = "enrtree-branch:CCCCCCCCCCCCCCCCCCCC\n,BBBBBBBBBBBBBBBBBBBB";
let res = s.parse::<BranchEntry>();
assert!(res.is_err());
}

#[test]
fn parse_link_entry() {
let s = "enrtree://AM5FCQLWIZX2QFPNJAP7VUERCCRNGRHWZG3YYHIUV7BVDQ5FDPRT2@nodes.example.org";
Expand Down

0 comments on commit e8d7c05

Please sign in to comment.