From 75a10eef9b4a8b13f116ee3d946c0adee3212a4d Mon Sep 17 00:00:00 2001
From: Leif Ryge <leif@synthesize.us>
Date: Sat, 29 Aug 2015 20:22:48 +0000
Subject: [PATCH] more strict validation of .onion addresses

---
 codec.go          | 9 ++++++---
 multiaddr_test.go | 2 ++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/codec.go b/codec.go
index 5db2989..b698c23 100644
--- a/codec.go
+++ b/codec.go
@@ -168,12 +168,15 @@ func addressStringToBytes(p Protocol, s string) ([]byte, error) {
 
 	case P_TOR:
 		fields := strings.Split(s, ".onion")
-		if len(fields) != 2 {
-			return nil, fmt.Errorf("failed to parse ipfs addr: %s not a Tor .onion address.", s)
+		if len(fields) != 2 || len(fields[1]) != 0 {
+			return nil, fmt.Errorf("failed to parse tor addr: %s does not end with .onion", s)
 		}
 		b, err := base32.StdEncoding.DecodeString(strings.ToUpper(fields[0]))
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse ipfs addr: %s %s", s, err)
+			return nil, fmt.Errorf("failed to parse tor addr: %s %s", s, err)
+		}
+		if len(b) != 10 {
+			return nil, fmt.Errorf("failed to parse tor addr: %s decoded to %s bytes, expected 10", s, len(b))
 		}
 		return b, nil
 	case P_IPFS: // ipfs
diff --git a/multiaddr_test.go b/multiaddr_test.go
index 6e980cb..aa45dd6 100644
--- a/multiaddr_test.go
+++ b/multiaddr_test.go
@@ -27,6 +27,8 @@ func TestConstructFails(t *testing.T) {
 		"/tcp/65536",
 		"/tor/9imaq4ygg2iegci7.onion",
 		"/tor/aaimaq4ygg2iegci7.onion",
+		"/tor/timaq4ygg2iegci7.onionxxx",
+		"/tor/timaq4yg.onion",
 		"/udp/1234/sctp",
 		"/udp/1234/udt/1234",
 		"/udp/1234/utp/1234",