From 2df524320a06073aa2813db24243cdefd6f82e83 Mon Sep 17 00:00:00 2001 From: Siddharth Baleja Date: Tue, 18 Nov 2025 18:33:20 +0530 Subject: [PATCH 1/2] feat(pdp): enforce extraData size limit at the service level (fixes #713) --- pdp/handlers_add.go | 5 +++++ pdp/handlers_create.go | 20 ++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/pdp/handlers_add.go b/pdp/handlers_add.go index 7d964b381..515852701 100644 --- a/pdp/handlers_add.go +++ b/pdp/handlers_add.go @@ -329,6 +329,11 @@ func (p *PDPService) handleAddPieceToDataSet(w http.ResponseWriter, r *http.Requ http.Error(w, "Invalid extraData format (must be hex encoded): "+err.Error(), http.StatusBadRequest) return } + if len(extraDataBytes) > MaxAddPiecesExtraDataSize { + errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for AddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize) + http.Error(w, errMsg, http.StatusBadRequest) + return + } // Step 4: Prepare piece information pieceDataArray, subPieceInfoMap, subPieceCidList, err := p.transformAddPiecesRequest(ctx, serviceLabel, payload.Pieces) diff --git a/pdp/handlers_create.go b/pdp/handlers_create.go index f7200d45e..049a9ace4 100644 --- a/pdp/handlers_create.go +++ b/pdp/handlers_create.go @@ -3,6 +3,7 @@ package pdp import ( "encoding/hex" "encoding/json" + "fmt" "io" "math/big" "net/http" @@ -16,6 +17,15 @@ import ( "github.com/filecoin-project/curio/harmony/harmonydb" "github.com/filecoin-project/curio/pdp/contract" ) +const ( + // MaxCreateDataSetExtraDataSize defines the service-level limit for extraData in CreateDataSet calls (4KB). + // Recommended in FilOzone/pdp#224. + MaxCreateDataSetExtraDataSize = 4096 + + // MaxAddPiecesExtraDataSize defines the service-level limit for extraData in AddPieces calls (8KB). + // Recommended in FilOzone/pdp#224. + MaxAddPiecesExtraDataSize = 8192 +) var logCreate = logger.Logger("pdp/create") 
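Review bot: The four-line guard added to handleAddPieceToDataSet is repeated almost verbatim in two more handlers in this same patch (handleCreateDataSetAndAddPieces and handleCreateDataSet), differing only in the limit constant and the operation name baked into the message. Factoring it into one small helper keeps the message format, the status code and the decoded-length semantics in sync the next time a limit or wording changes, and gives one place to document that the check applies to the hex-decoded bytes. handleAddPieceToDataSet begins and ends outside this hunk, so the helper would live at file scope alongside it.
```go
// rejectOversizedExtraData writes a 400 response and returns true when the
// hex-decoded extraData exceeds the service-level limit for the named operation.
func rejectOversizedExtraData(w http.ResponseWriter, extraData []byte, limit int, op string) bool {
	if len(extraData) <= limit {
		return false
	}
	http.Error(w, fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for %s (%d bytes)", len(extraData), op, limit), http.StatusBadRequest)
	return true
}

// … unchanged: hex decode of payload.ExtraData in handleAddPieceToDataSet …
if rejectOversizedExtraData(w, extraDataBytes, MaxAddPiecesExtraDataSize, "AddPieces") {
	return
}
```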
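Review bot: The doc comments on MaxCreateDataSetExtraDataSize and MaxAddPiecesExtraDataSize should say what the number is measured against, because every caller in this patch compares it with `len(extraDataBytes)` after `hex.DecodeString`, so the wire field may be roughly twice as long plus its prefix. I would append to each comment `// The limit applies to the hex-decoded byte length, not to the encoded request field.` and also note that it is a service-side pre-check, since the patch title describes it as enforced "at the service level" rather than as the contract's own bound. Whether the contract enforces the same or a tighter value cannot be seen from this hunk, so the comment should not claim equivalence.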
@@ -64,6 +74,11 @@ func (p *PDPService) handleCreateDataSetAndAddPieces(w http.ResponseWriter, r *h http.Error(w, "Invalid extraData format (must be hex encoded)", http.StatusBadRequest) return } + if len(extraDataBytes) > MaxAddPiecesExtraDataSize { + errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSetAndAddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize) + http.Error(w, errMsg, http.StatusBadRequest) + return + } // Check if indexing is needed by decoding the extraData mustIndex, err := CheckIfIndexingNeededFromExtraData(extraDataBytes) @@ -224,6 +239,11 @@ func (p *PDPService) handleCreateDataSet(w http.ResponseWriter, r *http.Request) http.Error(w, "Invalid extraData format (must be hex encoded): "+err.Error(), http.StatusBadRequest) return } + if len(extraDataBytes) > MaxCreateDataSetExtraDataSize { + errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSet (%d bytes)", len(extraDataBytes), MaxCreateDataSetExtraDataSize) + http.Error(w, errMsg, http.StatusBadRequest) + return + } // Step 3: Get the sender address from 'eth_keys' table where role = 'pdp' limit 1 fromAddress, err := p.getSenderAddress(ctx) From e61fbe49525986b426c32bbb1b7ad6da0cefaf4e Mon Sep 17 00:00:00 2001 From: Siddharth Baleja Date: Tue, 18 Nov 2025 18:52:51 +0530 Subject: [PATCH 2/2] Linting --- pdp/handlers_add.go | 8 ++++---- pdp/handlers_create.go | 17 +++++++++-------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/pdp/handlers_add.go b/pdp/handlers_add.go index 515852701..256c22344 100644 --- a/pdp/handlers_add.go +++ b/pdp/handlers_add.go 
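Review bot: handleCreateDataSetAndAddPieces applies the 8192-byte MaxAddPiecesExtraDataSize even though this endpoint also performs the CreateDataSet step, which the sibling handler in this same patch caps at 4096 bytes; the hunk gives no indication of which contract path these exact bytes reach. If the same extraData is forwarded to the create-data-set call, an input between 4 KiB and 8 KiB passes this check and is presumably rejected on-chain after a transaction is attempted. Either pick the stricter constant or document the choice right above the guard, e.g. `// Combined call uses the AddPieces limit; confirm the contract does not apply the CreateDataSet (4 KiB) bound to this extraData.`. The function starts and continues outside this hunk.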
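Review bot: In handleCreateDataSet the new check bounds what is forwarded on-chain, but it runs only after the full request body has been read and the whole hex field decoded, so it does not bound what the handler itself reads or allocates from an untrusted client. The body read happens before this hunk and is not visible here; if it is a plain `io.ReadAll(r.Body)` without a cap, wrapping it as `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` (sized a bit above twice the largest extraData limit plus the rest of the JSON) would make the limit effective for the service as well as for the contract. If such a cap already exists upstream, a one-line comment on the guard saying so would save the next reader the same question. The function begins outside this hunk.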
@@ -330,10 +330,10 @@ func (p *PDPService) handleAddPieceToDataSet(w http.ResponseWriter, r *http.Requ return } if len(extraDataBytes) > MaxAddPiecesExtraDataSize { - errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for AddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize) - http.Error(w, errMsg, http.StatusBadRequest) - return - } + errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for AddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize) + http.Error(w, errMsg, http.StatusBadRequest) + return + } // Step 4: Prepare piece information pieceDataArray, subPieceInfoMap, subPieceCidList, err := p.transformAddPiecesRequest(ctx, serviceLabel, payload.Pieces) diff --git a/pdp/handlers_create.go b/pdp/handlers_create.go index 049a9ace4..7a22c293a 100644 --- a/pdp/handlers_create.go +++ b/pdp/handlers_create.go @@ -17,6 +17,7 @@ import ( "github.com/filecoin-project/curio/harmony/harmonydb" "github.com/filecoin-project/curio/pdp/contract" ) + const ( // MaxCreateDataSetExtraDataSize defines the service-level limit for extraData in CreateDataSet calls (4KB). // Recommended in FilOzone/pdp#224. @@ -75,10 +76,10 @@ func (p *PDPService) handleCreateDataSetAndAddPieces(w http.ResponseWriter, r *h return } if len(extraDataBytes) > MaxAddPiecesExtraDataSize { - errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSetAndAddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize) - http.Error(w, errMsg, http.StatusBadRequest) - return - } + errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSetAndAddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize) + http.Error(w, errMsg, http.StatusBadRequest) + return + } // Check if indexing is needed by decoding the extraData mustIndex, err := CheckIfIndexingNeededFromExtraData(extraDataBytes) 
@@ -240,10 +241,10 @@ func (p *PDPService) handleCreateDataSet(w http.ResponseWriter, r *http.Request) return } if len(extraDataBytes) > MaxCreateDataSetExtraDataSize { - errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSet (%d bytes)", len(extraDataBytes), MaxCreateDataSetExtraDataSize) - http.Error(w, errMsg, http.StatusBadRequest) - return - } + errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSet (%d bytes)", len(extraDataBytes), MaxCreateDataSetExtraDataSize) + http.Error(w, errMsg, http.StatusBadRequest) + return + } // Step 3: Get the sender address from 'eth_keys' table where role = 'pdp' limit 1 fromAddress, err := p.getSenderAddress(ctx)