Skip to content

Commit

Permalink
fix(p2p): preemptive panic recovery (#174)
Browse files Browse the repository at this point in the history
This protects the library from potential dos vectors introduced by go-header users in the header deserialization and verification code paths.
  • Loading branch information
Wondertan authored Apr 20, 2024
1 parent de4400b commit 88c5b8c
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 2 deletions.
9 changes: 8 additions & 1 deletion p2p/session.go
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,14 @@ func (s *session[H]) doRequest(
}

// processResponses converts HeaderResponse to Header.
func (s *session[H]) processResponses(responses []*p2p_pb.HeaderResponse) ([]H, error) {
func (s *session[H]) processResponses(responses []*p2p_pb.HeaderResponse) (h []H, err error) {
defer func() {
r := recover()
if r != nil {
err = fmt.Errorf("PANIC processing responses: %s", r)
}
}()

hdrs, err := processResponses[H](responses)
if err != nil {
return nil, err
Expand Down
10 changes: 9 additions & 1 deletion p2p/subscriber.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,15 @@ func (s *Subscriber[H]) Stop(context.Context) error {
// SetVerifier set given verification func as Header PubSub topic validator
// Does not punish peers if *header.VerifyError is given with Uncertain set to true.
func (s *Subscriber[H]) SetVerifier(val func(context.Context, H) error) error {
pval := func(ctx context.Context, p peer.ID, msg *pubsub.Message) pubsub.ValidationResult {
pval := func(ctx context.Context, p peer.ID, msg *pubsub.Message) (res pubsub.ValidationResult) {
defer func() {
err := recover()
if err != nil {
log.Errorf("PANIC while unmarshalling or verifying header: %s", err)
res = pubsub.ValidationReject
}
}()

hdr := header.New[H]()
err := hdr.UnmarshalBinary(msg.Data)
if err != nil {
Expand Down

0 comments on commit 88c5b8c

Please sign in to comment.