@@ -173,22 +173,16 @@ impl<ST: CertificateSignatureRecoverable> UdpState<ST> {
173173 continue ;
174174 }
175175
176- let maybe_broadcast_mode = match (
177- parsed_message. broadcast ,
178- parsed_message. secondary_broadcast ,
179- ) {
180- ( true , false ) => Some ( BroadcastMode :: Primary ) ,
181- ( false , true ) => Some ( BroadcastMode :: Secondary ) ,
182- ( false , false ) => None ,
183- ( true , true ) => {
184- // invalid to have both primary and secondary broadcast bit set
185- debug ! (
186- ?parsed_message. author,
187- "Receiving invalid message with both broadcast and secondary broadcast bit set"
188- ) ;
189- continue ;
190- }
191- } ;
176+ let maybe_broadcast_mode =
177+ match ( parsed_message. broadcast , parsed_message. secondary_broadcast ) {
178+ ( true , false ) => Some ( BroadcastMode :: Primary ) ,
179+ ( false , true ) => Some ( BroadcastMode :: Secondary ) ,
180+ ( false , false ) => None ,
181+ ( true , true ) => {
182+ // rejected by parse_message() with InvalidBroadcastBits
183+ unreachable ! ( )
184+ }
185+ } ;
192186
193187 // Note: The check that parsed_message.author is valid is already
194188 // done in iterate_rebroadcast_peers(), but we want to drop invalid
@@ -845,6 +839,7 @@ pub enum MessageValidationError {
845839 max : u64 ,
846840 delta : i64 ,
847841 } ,
842+ InvalidBroadcastBits ,
848843}
849844
850845/// - 65 bytes => Signature of sender over hash(rest of message up to merkle proof, concatenated with merkle root)
@@ -903,6 +898,10 @@ where
903898 let secondary_broadcast = ( cursor_broadcast_tree_depth & ( 1 << 6 ) ) != 0 ;
904899 let tree_depth = cursor_broadcast_tree_depth & 0b0000_1111 ; // bottom 4 bits
905900
901+ if broadcast && secondary_broadcast {
902+ return Err ( MessageValidationError :: InvalidBroadcastBits ) ;
903+ }
904+
906905 if !( MIN_MERKLE_TREE_DEPTH ..=MAX_MERKLE_TREE_DEPTH ) . contains ( & tree_depth) {
907906 return Err ( MessageValidationError :: InvalidTreeDepth ) ;
908907 }
0 commit comments