Merge pull request #26 from status-im/discovery-packet-validation

Added package length validation
This commit is contained in:
Yuriy Glukhov 2019-03-25 17:59:31 +02:00 committed by GitHub
commit ba53f4bc9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 5 deletions

View File

@ -86,13 +86,15 @@ proc pack(cmdId: CommandId, payload: BytesRange, pk: PrivateKey): Bytes =
result = @(msgHash.data) & signature & encodedData result = @(msgHash.data) & signature & encodedData
proc validateMsgHash(msg: Bytes, msgHash: var MDigest[256]): bool = proc validateMsgHash(msg: Bytes, msgHash: var MDigest[256]): bool =
msgHash.data[0 .. ^1] = msg.toOpenArray(0, msgHash.data.high) if msg.len > HEAD_SIZE:
result = msgHash == keccak256.digest(msg.toOpenArray(MAC_SIZE, msg.high)) msgHash.data[0 .. ^1] = msg.toOpenArray(0, msgHash.data.high)
result = msgHash == keccak256.digest(msg.toOpenArray(MAC_SIZE, msg.high))
proc recoverMsgPublicKey(msg: Bytes, pk: var PublicKey): bool = proc recoverMsgPublicKey(msg: Bytes, pk: var PublicKey): bool =
recoverSignatureKey(msg.toOpenArray(MAC_SIZE, MAC_SIZE + 65), msg.len > HEAD_SIZE and
keccak256.digest(msg.toOpenArray(HEAD_SIZE, msg.high)).data, recoverSignatureKey(msg.toOpenArray(MAC_SIZE, HEAD_SIZE),
pk) == EthKeysStatus.Success keccak256.digest(msg.toOpenArray(HEAD_SIZE, msg.high)).data,
pk) == EthKeysStatus.Success
proc unpack(msg: Bytes): tuple[cmdId: CommandId, payload: Bytes] = proc unpack(msg: Bytes): tuple[cmdId: CommandId, payload: Bytes] =
result = (cmdId: msg[HEAD_SIZE].CommandId, payload: msg[HEAD_SIZE + 1 .. ^1]) result = (cmdId: msg[HEAD_SIZE].CommandId, payload: msg[HEAD_SIZE + 1 .. ^1])