cerc-io/lotus
16
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 27 Wiki Activity

fix: DecodeRLP can panic

Browse Source
This commit is contained in:
Fridrik Asmundsson 2023-07-14 11:49:50 +00:00
parent 03078cdb56
commit 871d1ba547
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
chain/types/ethtypes/rlp.go
View File

@ -157,6 +157,9 @@ func decodeLength(data []byte, lenInBytes int) (length int, err error) {
if err := binary.Read(r, binary.BigEndian, &decodedLength); err != nil {
return 0, xerrors.Errorf("invalid rlp data: cannot parse string length: %w", err)
}
if decodedLength < 0 {
return 0, xerrors.Errorf("invalid rlp data: negative string length")
}
if lenInBytes+int(decodedLength) > len(data) {
return 0, xerrors.Errorf("invalid rlp data: out of bound while parsing list")
}

13
chain/types/ethtypes/rlp_test.go
View File

@ -143,6 +143,19 @@ func TestDecodeList(t *testing.T) {
}
}
func TestDecodeNegativeLength(t *testing.T) {
testcases := [][]byte{
mustDecodeHex("0xbfffffffffffffff0041424344"),
mustDecodeHex("0xc1bFFF1111111111111111"),
mustDecodeHex("0xbFFF11111111111111"),
}
for _, tc := range testcases {
_, err := DecodeRLP(tc)
require.Error(t, err, "invalid rlp data: negative string length")
}
}
func TestDecodeEncodeTx(t *testing.T) {
testcases := [][]byte{
mustDecodeHex("0xdc82013a0185012a05f2008504a817c8008080872386f26fc1000000c0"),