From 1bc63df5f2328a9ed0ad383e930dd7ea0150b13d Mon Sep 17 00:00:00 2001
From: Andrea Franz <andrea@gravityblast.com>
Date: Tue, 26 Jun 2018 10:41:03 +0200
Subject: [PATCH] validate query range on requestMessages API (#1060)

---
 services/shhext/api.go          | 5 +++++
 services/shhext/service_test.go | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/services/shhext/api.go b/services/shhext/api.go
index d6c32d853..341fa9498 100644
--- a/services/shhext/api.go
+++ b/services/shhext/api.go
@@ -115,6 +115,11 @@ func (api *PublicAPI) RequestMessages(_ context.Context, r MessagesRequest) (hex
 	shh := api.service.w
 	now := api.service.w.GetCurrentTime()
 	r.setDefaults(now)
+
+	if r.From > r.To {
+		return nil, fmt.Errorf("Query range is invalid: from > to (%d > %d)", r.From, r.To)
+	}
+
 	mailServerNode, err := discover.ParseNode(r.MailServerPeer)
 	if err != nil {
 		return nil, fmt.Errorf("%v: %v", ErrInvalidMailServerPeer, err)
diff --git a/services/shhext/service_test.go b/services/shhext/service_test.go
index a753f0de7..2b04ca00b 100644
--- a/services/shhext/service_test.go
+++ b/services/shhext/service_test.go
@@ -196,6 +196,14 @@ func (s *ShhExtSuite) TestRequestMessages() {
 	s.Contains(err.Error(), "Could not find peer with ID")
 	s.Nil(hash)
 
+	// from is greater than to
+	hash, err = api.RequestMessages(context.TODO(), MessagesRequest{
+		From: 10,
+		To:   5,
+	})
+	s.Contains(err.Error(), "Query range is invalid: from > to (10 > 5)")
+	s.Nil(hash)
+
 	// with a peer acting as a mailserver
 	// prepare a node first
 	mailNode, err := node.New(&node.Config{