Skip to content

p2p/enode: add validation for binary.Varint/Uvarint in nodedb operations #33141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

p2p/enode: add validation for binary.Varint/Uvarint in nodedb operations #33141

wants to merge 1 commit into from

Conversation

@777genius
Copy link

@777genius 777genius commented Nov 9, 2025

Summary

This PR adds missing error checking for binary.Varint and binary.Uvarint calls in nodedb.go to ensure data integrity and prevent incorrect behavior when reading corrupted database entries.

Problem

Missing validation in two locations leads to inconsistency and potential issues:

  1. Line 223 (fetchUint64): Ignores n return value - inconsistent with fetchInt64 which properly validates
  2. Line 341 (expireNodes): Ignores n return value when reading pong timestamps

When binary.Varint/Uvarint returns n <= 0, it indicates:

  • n == 0: Buffer too small (incomplete varint)
  • n < 0: Value overflow (> 64 bits)

Without checks:

  • fetchUint64() can return garbage values from corrupted data
  • expireNodes() can use invalid timestamps leading to incorrect node expiration decisions
  • Inconsistency between fetchInt64() (which validates) and fetchUint64() (which doesn't)

Solution

Added validation following the existing fetchInt64() pattern (lines 203-206):

val, n := binary.Uvarint(blob)
if n <= 0 {
    return 0
}
return val

For expireNodes(), added validation with silent skip:

time, n := binary.Varint(it.Value())
if n <= 0 {
    // Skip corrupted timestamp entry
    atEnd = !it.Next()
    continue
}

Testing

Added comprehensive tests:

  • TestDBFetchUint64Corrupted: Tests truncated varint, overflow varint, empty data, and valid data cases
  • TestDBExpireNodesCorrupted: Tests that expireNodes handles corrupted pong timestamps gracefully
  • All existing tests pass

Context

This fixes an inconsistency where fetchInt64() at lines 203-206 properly validates the return value but fetchUint64() does not.

@777genius
p2p/enode: add validation for binary.Varint/Uvarint in nodedb operations
8a81c00 
This commit adds missing error checking for binary.Varint and binary.Uvarint
calls in nodedb.go to ensure data integrity and prevent incorrect behavior
when reading corrupted database entries.

Missing validation could lead to:
- fetchUint64() returning garbage values from corrupted data
- expireNodes() using invalid timestamps for node expiration decisions
- Incorrect node lifecycle management

Changes:
- Add n <= 0 validation in fetchUint64() (line 224) matching fetchInt64() pattern
- Add n <= 0 validation in expireNodes() (line 345) to skip corrupted timestamps
- Add comprehensive tests for corrupted varint handling
  - TestDBFetchUint64Corrupted: Tests truncated, overflow, and empty varint cases
  - TestDBExpireNodesCorrupted: Tests expireNodes with corrupted pong timestamps

Fixes inconsistency where fetchInt64() properly validates but fetchUint64() does not.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fjl fjl Awaiting requested review from fjl fjl is a code owner

@zsfelfoldi zsfelfoldi Awaiting requested review from zsfelfoldi zsfelfoldi is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@777genius @rjl493456442