Merge pull request #437 from filecoin-project/fix/enforce-max-bitfield-size

Stebalien · web-flow · commit 8cd23d3d29ce · 2022-04-01T13:04:26.000-04:00
fix: enforce max bitfield size on decode
diff --git a/ipld/bitfield/src/rleplus/mod.rs b/ipld/bitfield/src/rleplus/mod.rs
@@ -105,6 +105,12 @@ impl<'de> Deserialize<'de> for BitField {
         D: Deserializer<'de>,
     {
         let bytes: Cow<'de, [u8]> = serde_bytes::deserialize(deserializer)?;
+        if bytes.len() > MAX_ENCODED_SIZE {
+            return Err(serde::de::Error::custom(format!(
+                "encoded bitfield was too large {}",
+                bytes.len()
+            )));
+        }
         Self::from_bytes(&bytes).map_err(serde::de::Error::custom)
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,12 @@ impl<'de> Deserialize<'de> for BitField {`
`105`	`105`	`D: Deserializer<'de>,`
`106`	`106`	`{`
`107`	`107`	`let bytes: Cow<'de, [u8]> = serde_bytes::deserialize(deserializer)?;`
	`108`	`+ if bytes.len() > MAX_ENCODED_SIZE {`
	`109`	`+ return Err(serde::de::Error::custom(format!(`
	`110`	`+ "encoded bitfield was too large {}",`
	`111`	`+ bytes.len()`
	`112`	`+ )));`
	`113`	`+ }`
`108`	`114`	`Self::from_bytes(&bytes).map_err(serde::de::Error::custom)`
`109`	`115`	`}`
`110`	`116`	`}`