Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix rpc decoding to reject extra data #208

Merged
merged 2 commits into from
Aug 7, 2023

Conversation

divagant-martian
Copy link
Collaborator

@divagant-martian divagant-martian commented Aug 3, 2023

Description

addresses #207
verify that received data does not contain extra bytes when doing rlp encoding.

Notes & open questions

This is (I think) appropriate workaround to what I would consider either a bug or an api shortcoming in rlp

Change checklist

  • Self-review
  • Documentation updates if relevant
  • Tests if relevant

@divagant-martian divagant-martian changed the title reject extra data fix rpc decoding to reject extra data Aug 3, 2023
Copy link
Member

@AgeManning AgeManning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks alright to me.

We probably need to run some tests to see if there is any bad rlp out in the wild

@AgeManning AgeManning merged commit 1439dec into sigp:master Aug 7, 2023
AgeManning added a commit that referenced this pull request Feb 21, 2024
* Version bump to v0.3.1 (#203)

* fix docs (#204)

* refactor for removing `Discv5` prefix (#206)

* goodbye prefix

* adjust docs

* fix rpc decoding to reject extra data (#208)

* reject extra data

* reduce diff

* expected_responses remains after challenge has been completed (#210)

* Replace `Handler::spawn` with `build_handler()` and `Handler::start()`

* Test the handler's states after the handler has been terminated

* Remove expected response on handle_auth_message()

* Rename variables for readability

* Expose local ENR Arc (#214)

* Use zero ports in tests (#216)

* update dependencies (#219)

* Changing port of ReponseBody::Pong to NonZeroU16 (#220)

* Change `port` from u16 to NonZeroU16

* Fix tests

* Fix test: the PONG port can't be zero

* Fix clippy warnings

* Update 'enr' dependency (#223)

* Add support for concurrent requests to a single peer. (#200)

Co-authored-by: ackintosh <[email protected]>
Co-authored-by: Diva M <[email protected]>
Co-authored-by: Age Manning <[email protected]>

* Adjust some logs (#225)

* remove log for timed out query. This is always informed in the callback

* expand common logs, unify info on startup

* adjust auth header log

* Update src/service.rs

* Appease clippy

* Realised I was wrong. Don't need this log, my bad

* fmt

---------

Co-authored-by: Age Manning <[email protected]>

* Version bump to v0.4.0

* make tracing-subscriber a dev dep (#226)

* Fix warnings and bump libp2p (#232)

* Update session_cache_capacity from usize to NonZeroUsize

since the argument of LruCache::new is NonZeroUsize.

* Fix rustdoc

* cargo fmt

* Fix a merging mistake: lost validation in Message::decode

---------

Co-authored-by: Age Manning <[email protected]>
Co-authored-by: Divma <[email protected]>
Co-authored-by: Jack McPherson <[email protected]>
Co-authored-by: João Oliveira <[email protected]>
Co-authored-by: Milos Stankovic <[email protected]>
Co-authored-by: Nick Gheorghita <[email protected]>
Co-authored-by: Diva M <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants