Per @kdeme's comments. Limit ENR size, fix rlp len check

Yuriy Glukhov 2019-12-18 13:06:45 +02:00 committed by zah
parent 9772fbe470
commit 5795054dbf
1 changed files with 12 additions and 6 deletions


@ -1,6 +1,13 @@
# ENR implemetation according to spec:
# https://github.com/ethereum/EIPs/blob/master/EIPS/eip-778.md
import strutils, macros, algorithm, options import strutils, macros, algorithm, options
import eth/[rlp, keys], nimcrypto, stew/base64 import eth/[rlp, keys], nimcrypto, stew/base64
const
maxEnrSize = 300
minRlpListLen = 4 # for signature, seqId, "id" key, id
type type
Record* = object Record* = object
sequenceNumber*: uint64 sequenceNumber*: uint64
@ -188,9 +195,11 @@ proc verifySignature(r: Record): bool =
discard discard
proc fromBytesAux(r: var Record): bool = proc fromBytesAux(r: var Record): bool =
if r.raw.len > maxEnrSize: return false
var rlp = rlpFromBytes(r.raw.toRange) var rlp = rlpFromBytes(r.raw.toRange)
let sz = rlp.listLen let sz = rlp.listLen
if sz < 5 or sz mod 2 != 0: if sz < minRlpListLen or sz mod 2 != 0:
# Wrong rlp object # Wrong rlp object
return false return false
@ -200,18 +209,15 @@ proc fromBytesAux(r: var Record): bool =
r.sequenceNumber = rlp.read(uint64) r.sequenceNumber = rlp.read(uint64)
let numPairs = (sz - 2) div 2 let numPairs = (sz - 2) div 2
var
id: string
pubkeyData: seq[byte]
for i in 0 ..< numPairs: for i in 0 ..< numPairs:
let k = rlp.read(string) let k = rlp.read(string)
case k case k
of "id": of "id":
id = rlp.read(string) let id = rlp.read(string)
r.pairs.add((k, Field(kind: kString, str: id))) r.pairs.add((k, Field(kind: kString, str: id)))
of "secp256k1": of "secp256k1":
pubkeyData = rlp.read(seq[byte]) let pubkeyData = rlp.read(seq[byte])
r.pairs.add((k, Field(kind: kBytes, bytes: pubkeyData))) r.pairs.add((k, Field(kind: kBytes, bytes: pubkeyData)))
of "tcp", "udp", "tcp6", "udp6", "ip": of "tcp", "udp", "tcp6", "udp6", "ip":
let v = rlp.read(int) let v = rlp.read(int)
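Review bot: The loop over `numPairs` appends every decoded pair to `r.pairs` without checking that keys are strictly increasing, although EIP-778 (linked at the top of the file) requires the key/value pairs to be sorted by key and unique. As far as the visible lines show, a record that repeats `"id"` or `"secp256k1"` is accepted by this loop, and which value later code picks then depends on lookup order that is not shown here. Consider tracking the previous key and rejecting the record otherwise: `var prevKey = ""` before the loop, `if i > 0 and k <= prevKey: return false` right after `let k = rlp.read(string)`, and `prevKey = k` at the end of each iteration. The `case` statement and the rest of `fromBytesAux` continue outside this hunk, so confirm that no such check already exists further down.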