fix: enforce max bitfield size on decode

Stebalien · Stebalien · commit 4e08a0c7014d · 2022-03-31T20:54:14.000-04:00
Honestly, we probably _don't_ need this in the FVM because:

1. Malicious inputs will burn gas for compute and won't be able to OOM
the node.
2. Large bitfields will fail to serialize to state anyways.

However, I'd like relaxing this check to be an explicit step.

Fixes C1.
diff --git a/ipld/bitfield/src/rleplus/mod.rs b/ipld/bitfield/src/rleplus/mod.rs
@@ -105,6 +105,12 @@ impl<'de> Deserialize<'de> for BitField {
         D: Deserializer<'de>,
     {
         let bytes: Cow<'de, [u8]> = serde_bytes::deserialize(deserializer)?;
+        if bytes.len() > MAX_ENCODED_SIZE {
+            return Err(serde::de::Error::custom(format!(
+                "encoded bitfield was too large {}",
+                bytes.len()
+            )));
+        }
         Self::from_bytes(&bytes).map_err(serde::de::Error::custom)
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,12 @@ impl<'de> Deserialize<'de> for BitField {`
`105`	`105`	`D: Deserializer<'de>,`
`106`	`106`	`{`
`107`	`107`	`let bytes: Cow<'de, [u8]> = serde_bytes::deserialize(deserializer)?;`
	`108`	`+ if bytes.len() > MAX_ENCODED_SIZE {`
	`109`	`+ return Err(serde::de::Error::custom(format!(`
	`110`	`+ "encoded bitfield was too large {}",`
	`111`	`+ bytes.len()`
	`112`	`+ )));`
	`113`	`+ }`
`108`	`114`	`Self::from_bytes(&bytes).map_err(serde::de::Error::custom)`
`109`	`115`	`}`
`110`	`116`	`}`