Validate lower/upper limit in mailserver request (#1058)

This commit is contained in:
Ivan Daniluk 2018-06-26 09:33:05 +02:00 committed by Adrià Cidre
parent 385f3b3377
commit b003400b4b
2 changed files with 6 additions and 1 deletions

View File

@ -294,6 +294,11 @@ func (s *WMailServer) validateRequest(peerID []byte, request *whisper.Envelope)
lower := binary.BigEndian.Uint32(decrypted.Payload[:4]) lower := binary.BigEndian.Uint32(decrypted.Payload[:4])
upper := binary.BigEndian.Uint32(decrypted.Payload[4:8]) upper := binary.BigEndian.Uint32(decrypted.Payload[4:8])
if upper < lower {
log.Error(fmt.Sprintf("Query range is invalid: from > to (%d > %d)", lower, upper))
return false, 0, 0, nil
}
lowerTime := time.Unix(int64(lower), 0) lowerTime := time.Unix(int64(lower), 0)
upperTime := time.Unix(int64(upper), 0) upperTime := time.Unix(int64(upper), 0)
if upperTime.Sub(lowerTime) > maxQueryRange { if upperTime.Sub(lowerTime) > maxQueryRange {

View File

@ -209,7 +209,7 @@ func (s *MailserverSuite) TestMailServer() {
{ {
params: func() *ServerTestParams { params: func() *ServerTestParams {
params := s.defaultServerParams(env) params := s.defaultServerParams(env)
params.low = 0 params.low = params.birth
params.upp = params.birth - 1 params.upp = params.birth - 1
return params return params