Skip to content

Commit

Permalink
sp-trie: minor fix to avoid possible panic during node decoding (#6486)
Browse files Browse the repository at this point in the history
# Description

This PR is a simple fix consisting of adding a check to the process of
decoding nodes of a storage proof to avoid panicking when receiving
badly-constructed proofs, returning an error instead.

This would close #6485

## Integration

No changes have to be done downstream, and as such the version bump
should be minor.

---------

Co-authored-by: Bastian Köcher <git@kchr.de>
  • Loading branch information
TDemeco and bkchr authored Nov 15, 2024
1 parent 8bea091 commit a77940b
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
10 changes: 10 additions & 0 deletions prdoc/pr_6486.prdoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
title: "sp-trie: minor fix to avoid panic on badly-constructed proof"

doc:
- audience: ["Runtime Dev", "Runtime User"]
description: |
"Added a check when decoding encoded proof nodes in `sp-trie` to avoid panicking when receiving a badly constructed proof, instead erroring out."

crates:
- name: sp-trie
bump: patch
8 changes: 8 additions & 0 deletions substrate/primitives/trie/src/node_codec.rs
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ where
NodeHeader::Null => Ok(NodePlan::Empty),
NodeHeader::HashedValueBranch(nibble_count) | NodeHeader::Branch(_, nibble_count) => {
let padding = nibble_count % nibble_ops::NIBBLE_PER_BYTE != 0;
// data should be at least the size of the offset
if data.len() < input.offset {
return Err(Error::BadFormat)
}
// check that the padding is valid (if any)
if padding && nibble_ops::pad_left(data[input.offset]) != 0 {
return Err(Error::BadFormat)
Expand Down Expand Up @@ -154,6 +158,10 @@ where
},
NodeHeader::HashedValueLeaf(nibble_count) | NodeHeader::Leaf(nibble_count) => {
let padding = nibble_count % nibble_ops::NIBBLE_PER_BYTE != 0;
// data should be at least the size of the offset
if data.len() < input.offset {
return Err(Error::BadFormat)
}
// check that the padding is valid (if any)
if padding && nibble_ops::pad_left(data[input.offset]) != 0 {
return Err(Error::BadFormat)
Expand Down

0 comments on commit a77940b

Please sign in to comment.