Merge pull request #11082 from filecoin-project/asr/fixup-rlpdecode
fix: ethtypes: handle length overflow case
arajasek authored Jul 21, 2023
2 parents 15faab8 + 990b5a0 commit 977390e
Showing 2 changed files with 6 additions and 3 deletions.
6 changes: 4 additions & 2 deletions chain/types/ethtypes/rlp.go
@@ -134,7 +134,7 @@ func decodeRLP(data []byte) (res interface{}, consumed int, err error) {
return nil, 0, err
}
totalLen := 1 + strLenInBytes + strLen
if totalLen > len(data) {
if totalLen > len(data) || totalLen < 0 {
return nil, 0, xerrors.Errorf("invalid rlp data: out of bound while parsing string")
}
return data[1+strLenInBytes : totalLen], totalLen, nil
@@ -160,7 +160,9 @@ func decodeLength(data []byte, lenInBytes int) (length int, err error) {
if decodedLength < 0 {
return 0, xerrors.Errorf("invalid rlp data: negative string length")
}
if lenInBytes+int(decodedLength) > len(data) {

totalLength := lenInBytes + int(decodedLength)
if totalLength < 0 || totalLength > len(data) {
return 0, xerrors.Errorf("invalid rlp data: out of bound while parsing list")
}
return int(decodedLength), nil
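Review bot: Both new guards detect the overflow only after the addition has already wrapped: `totalLength := lenInBytes + int(decodedLength)` in decodeLength and `totalLen := 1 + strLenInBytes + strLen` in decodeRLP are built from lengths read out of the encoded input and then tested for `< 0`. That holds where int is 64 bits, but if decodedLength is an int64 (its declaration is outside the hunk) the `int(decodedLength)` conversion truncates on a 32-bit build, and an oversized length can come out as a small positive value that passes the check. Comparing before adding avoids relying on wrap-around or on int width, for example `if decodedLength > int64(len(data)-lenInBytes) {` in decodeLength and `if strLen > len(data)-1-strLenInBytes {` in decodeRLP. Both function bodies start and end outside the hunks shown.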
3 changes: 2 additions & 1 deletion chain/types/ethtypes/rlp_test.go
@@ -148,11 +148,12 @@ func TestDecodeNegativeLength(t *testing.T) {
mustDecodeHex("0xbfffffffffffffff0041424344"),
mustDecodeHex("0xc1bFFF1111111111111111"),
mustDecodeHex("0xbFFF11111111111111"),
mustDecodeHex("0xbf7fffffffffffffff41424344"),
}

for _, tc := range testcases {
_, err := DecodeRLP(tc)
require.Error(t, err, "invalid rlp data: negative string length")
require.ErrorContains(t, err, "invalid rlp data")
}
}

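Review bot: `require.ErrorContains(t, err, "invalid rlp data")` matches every error string visible in rlp.go in this commit (negative string length, out of bound while parsing string, out of bound while parsing list), so the added `0xbf7fffffffffffffff41424344` case does not show that the new overflow guard is what rejects it. Pairing each input with its expected message, for example a `wantErr string` field per testcase checked with `require.ErrorContains(t, err, tc.wantErr)`, would pin the overflow path and catch a regression where the input is rejected by a different check. The name TestDecodeNegativeLength also no longer describes everything in the table. The start of the function and of the testcases slice is outside the hunk.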
