p2p/discover/v5wire: reject packets smaller than 63 bytes (#25740)

2022-09-12 22:02:03 +09:00 · 2022-09-12 22:02:03 +09:00 · 0c1888a367
commit 0c1888a367
parent b628d72766
2 changed files with 15 additions and 3 deletions
--- a/p2p/discover/v5wire/encoding.go
+++ b/p2p/discover/v5wire/encoding.go
@ -90,6 +90,10 @@ const (
 	minVersion      = 1
 	sizeofMaskingIV = 16
 	// The minimum size of any Discovery v5 packet is 63 bytes.
 	// Should reject packets smaller than minPacketSize.
 	minPacketSize = 63
 	minMessageSize      = 48 // this refers to data after static headers
 	randomPacketMsgSize = 20
 )
@ -415,10 +419,10 @@ func (c *Codec) encryptMessage(s *session, p Packet, head *Header, headerData []
 // Decode decodes a discovery packet.
 func (c *Codec) Decode(input []byte, addr string) (src enode.ID, n *enode.Node, p Packet, err error) {
-	// Unmask the static header.
+	if len(input) < minPacketSize {
 	if len(input) < sizeofStaticPacketData {
 		return enode.ID{}, nil, nil, errTooShort
 	}
 	// Unmask the static header.
 	var head Header
 	copy(head.IV[:], input[:sizeofMaskingIV])
 	mask := head.mask(c.localnode.ID())
--- a/p2p/discover/v5wire/encoding_test.go
+++ b/p2p/discover/v5wire/encoding_test.go
@ -274,7 +274,15 @@ func TestDecodeErrorsV5(t *testing.T) {
 	net := newHandshakeTest()
 	defer net.close()
-	net.nodeA.expectDecodeErr(t, errTooShort, []byte{})
+	b := make([]byte, 0)
 	net.nodeA.expectDecodeErr(t, errTooShort, b)
 	b = make([]byte, 62)
 	net.nodeA.expectDecodeErr(t, errTooShort, b)
 	b = make([]byte, 63)
 	net.nodeA.expectDecodeErr(t, errInvalidHeader, b)
 	// TODO some more tests would be nice :)
 	// - check invalid authdata sizes
 	// - check invalid handshake data sizes