Sei remote sign hotfix: aggregate tcp chunks before unmarshal proto #1
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,12 +7,9 @@ use crate::privval::SignableMsg; | |
| use prost::Message as _; | ||
| use std::io::Read; | ||
| use tendermint::{chain, Proposal, Vote}; | ||
| use tendermint_p2p::secret_connection::DATA_MAX_SIZE; | ||
| use tendermint_proto as proto; | ||
|
|
||
| use crate::{ | ||
| error::{Error, ErrorKind}, | ||
| prelude::*, | ||
|
|
@@ -31,12 +28,36 @@ pub enum Request { | |
| impl Request { | ||
| /// Read a request from the given readable. | ||
| pub fn read(conn: &mut impl Read, expected_chain_id: &chain::Id) -> Result<Self, Error> { | ||
| let mut msg_bytes: Vec<u8> = vec![]; | ||
mkaczanowski marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| let msg; | ||
|
|
||
| // fix for Sei: collect incoming bytes of Protobuf from incoming msg | ||
| loop { | ||
|
There was a problem hiding this comment. Wonder if this logic should go to There was a problem hiding this comment. maybe not to proto, since proto shouldn't care about transport. Rather to |
||
| let mut msg_chunk = read_msg(conn)?; | ||
| let chunk_len = msg_chunk.len(); | ||
| msg_bytes.append(&mut msg_chunk); | ||
|
|
||
| // if we can decode it, great, break the loop | ||
| match proto::privval::Message::decode_length_delimited(msg_bytes.as_ref()) { | ||
| Ok(m) => { | ||
| msg = m.sum; | ||
| break; | ||
| } | ||
| Err(e) => { | ||
| // if chunk_len < DATA_MAX_SIZE (1024) we assume it was the end of the message and it is malformed | ||
|
There was a problem hiding this comment. For a cleaned up version, I would remove any hardcoded numbers, i.e. 1024. The |
||
| if chunk_len < DATA_MAX_SIZE { | ||
| return Err(format_err!( | ||
| ErrorKind::ProtocolError, | ||
| "malformed message packet: {}", | ||
| e | ||
| ) | ||
| .into()); | ||
| } | ||
| // otherwise, we go to start of the loop assuming next chunk(s) | ||
| // will fill the message | ||
| } | ||
| } | ||
|
Comment on lines
+41
to
+59
There was a problem hiding this comment. So... if There was a problem hiding this comment. correct. The idea is, when we get a chunk, if it is < 1024, then we think it is the end of the message. Or, if it is = 1024 and we can parse aggregated, then it is the end of the message as well. This is far from elegant, however, I don't know what else we can do given that tmkms can't know the full length of incoming chunked message (see also he explanation in description). https://github.com/sei-protocol/sei-tendermint/blob/main/privval/secret_connection.go#L210-L219 There was a problem hiding this comment. I would add the GH URL as a comment to explain where this assumption came from. Those few lines explain everything: (also please use the cometbft url I pasted, rather than sei-tendermint :) ) There was a problem hiding this comment. (also) there is grpc endpoint that tmkms will use some day, tony (main maintainer of tmkms) has some PR somwhere to make it work, but it's not there yet. So this code-path one day will be deprecated, but for now it is a main logic that needs to be fixed |
||
| } | ||
|
|
||
| let (req, chain_id) = match msg { | ||
| Some(proto::privval::message::Sum::SignVoteRequest( | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to confirm that this change doesn't affect other things, once Sei works
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes sure, makes sense! should I revert it for now then?
The reasoning behind this change is:
I might not see the full picture, but p2p lib reads chunk of this size internally, so it doesn't make sense to have a larger buffer here actually. Same think they say in the comment.