Merge pull request #11079 from filecoin-project/11053-decoderlp-panic

fix: DecodeRLP can panic
This commit is contained in:
Friðrik Ásmundsson 2023-07-15 11:13:14 +00:00 committed by GitHub
commit 23d705e33b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 0 deletions

View File

@ -157,6 +157,9 @@ func decodeLength(data []byte, lenInBytes int) (length int, err error) {
if err := binary.Read(r, binary.BigEndian, &decodedLength); err != nil {
return 0, xerrors.Errorf("invalid rlp data: cannot parse string length: %w", err)
}
if decodedLength < 0 {
return 0, xerrors.Errorf("invalid rlp data: negative string length")
}
if lenInBytes+int(decodedLength) > len(data) {
return 0, xerrors.Errorf("invalid rlp data: out of bound while parsing list")
}

View File

@ -143,6 +143,19 @@ func TestDecodeList(t *testing.T) {
}
}
func TestDecodeNegativeLength(t *testing.T) {
testcases := [][]byte{
mustDecodeHex("0xbfffffffffffffff0041424344"),
mustDecodeHex("0xc1bFFF1111111111111111"),
mustDecodeHex("0xbFFF11111111111111"),
}
for _, tc := range testcases {
_, err := DecodeRLP(tc)
require.Error(t, err, "invalid rlp data: negative string length")
}
}
func TestDecodeEncodeTx(t *testing.T) {
testcases := [][]byte{
mustDecodeHex("0xdc82013a0185012a05f2008504a817c8008080872386f26fc1000000c0"),