neo-project · erikzhang · Nov 26, 2019 · Nov 20, 2019 · Nov 20, 2019 · Nov 20, 2019
diff --git a/neo/Consensus/ChangeView.cs b/neo/Consensus/ChangeView.cs
@@ -1,3 +1,4 @@
+using System;
 using System.IO;
 
 namespace Neo.Consensus
@@ -32,6 +33,8 @@ public override void Deserialize(BinaryReader reader)
             base.Deserialize(reader);
             Timestamp = reader.ReadUInt64();
             Reason = (ChangeViewReason)reader.ReadByte();
+            if (!Enum.IsDefined(typeof(ChangeViewReason), Reason))
+                throw new FormatException();
         }
 
         public override void Serialize(BinaryWriter writer)

diff --git a/neo/Consensus/ConsensusMessage.cs b/neo/Consensus/ConsensusMessage.cs
@@ -24,7 +24,11 @@ protected ConsensusMessage(ConsensusMessageType type)
 
         public virtual void Deserialize(BinaryReader reader)
         {
-            if (Type != (ConsensusMessageType)reader.ReadByte())
+            ConsensusMessageType cmt = (ConsensusMessageType)reader.ReadByte();
+            if (!Enum.IsDefined(typeof(ConsensusMessageType), cmt))
+                throw new FormatException();
+
+            if (Type != cmt)
                 throw new FormatException();
             ViewNumber = reader.ReadByte();
         }

diff --git a/neo/Network/P2P/Message.cs b/neo/Network/P2P/Message.cs
@@ -102,6 +102,8 @@ void ISerializable.Deserialize(BinaryReader reader)
         {
             Flags = (MessageFlags)reader.ReadByte();
             Command = (MessageCommand)reader.ReadByte();
+            if (!Enum.IsDefined(typeof(MessageCommand), Command))
+                throw new FormatException();
             _payload_compressed = reader.ReadVarBytes(PayloadMaxSize);
             DecompressPayload();
         }
@@ -152,6 +154,8 @@ internal static int TryDeserialize(ByteString data, out Message msg)
                 Command = (MessageCommand)header[1],
                 _payload_compressed = length <= 0 ? new byte[0] : data.Slice(payloadIndex, (int)length).ToArray()
             };
+            if (!Enum.IsDefined(typeof(MessageCommand), msg.Command))
+                throw new FormatException();
             msg.DecompressPayload();
 
             return payloadIndex + (int)length;

diff --git a/neo/Network/P2P/Payloads/Cosigner.cs b/neo/Network/P2P/Payloads/Cosigner.cs
@@ -32,6 +32,8 @@ void ISerializable.Deserialize(BinaryReader reader)
         {
             Account = reader.ReadSerializable<UInt160>();
             Scopes = (WitnessScope)reader.ReadByte();
+            if (!Enum.IsDefined(typeof(WitnessScope), Scopes))
+                throw new FormatException();
             AllowedContracts = Scopes.HasFlag(WitnessScope.CustomContracts)
                 ? reader.ReadSerializableArray<UInt160>(MaxSubitems)
                 : new UInt160[0];

diff --git a/neo/Network/P2P/Payloads/TransactionAttribute.cs b/neo/Network/P2P/Payloads/TransactionAttribute.cs
@@ -37,7 +37,9 @@ public JObject ToJson()
         public static TransactionAttribute FromJson(JObject json)
         {
             TransactionAttribute transactionAttribute = new TransactionAttribute();
-            transactionAttribute.Usage = (TransactionAttributeUsage)(byte.Parse(json["usage"].AsString()));
+            transactionAttribute.Usage = (TransactionAttributeUsage)byte.Parse(json["usage"].AsString());
+            if (!Enum.IsDefined(typeof(TransactionAttributeUsage), transactionAttribute.Usage))
+                throw new ArgumentException();
             transactionAttribute.Data = Convert.FromBase64String(json["data"].AsString());
             return transactionAttribute;
         }

diff --git a/neo/SmartContract/Manifest/ContractParameterDefinition.cs b/neo/SmartContract/Manifest/ContractParameterDefinition.cs
@@ -26,7 +26,7 @@ public static ContractParameterDefinition FromJson(JObject json)
             return new ContractParameterDefinition
             {
                 Name = json["name"].AsString(),
-                Type = (ContractParameterType)Enum.Parse(typeof(ContractParameterType), json["type"].AsString()),
+                Type = (ContractParameterType)Enum.Parse(typeof(ContractParameterType), json["type"].AsString())
             };
         }
 

diff --git a/neo/Wallets/SQLite/VerificationContract.cs b/neo/Wallets/SQLite/VerificationContract.cs
@@ -14,7 +14,13 @@ public class VerificationContract : SmartContract.Contract, IEquatable<Verificat
         public void Deserialize(BinaryReader reader)
         {
             reader.ReadSerializable<UInt160>();
-            ParameterList = reader.ReadVarBytes().Select(p => (ContractParameterType)p).ToArray();
+            ParameterList = reader.ReadVarBytes().Select(p =>
+            {
+                var ret = (ContractParameterType)p;
+                if (!Enum.IsDefined(typeof(ContractParameterType), ret))
+                    throw new FormatException();
+                return ret;
+            }).ToArray();
             Script = reader.ReadVarBytes();
         }