
Commit 30d24b2

committed
nostr: allow client and relays messages to be longer than expected during deserialization
A relay is sending a 3rd argument in the `EOSE` message, causing issues with deserialization. Checking that the message array len is `>= X` fixes this and potentially other issues in the future.
1 parent a67cd2a commit 30d24b2


2 files changed

+98
-93
lines changed


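--- a/crates/nostr/src/message/client.rs
+++ b/crates/nostr/src/message/client.rs
@@ -223,11 +223,12 @@ impl ClientMessage {
 // Event
 // ["EVENT", <event JSON>]
 if v[0] == "EVENT" {
-if v_len != 2 {
+if v_len >= 2 {
+let event = Event::from_value(v[1].clone())?;
+return Ok(Self::new_event(event));
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-let event = Event::from_value(v[1].clone())?;
-return Ok(Self::new_event(event));
 }
 
 // Req
@@ -262,67 +263,70 @@ impl ClientMessage {
 // Close
 // ["CLOSE", <subscription_id>]
 if v[0] == "CLOSE" {
-if v_len != 2 {
+if v_len >= 2 {
+let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
+return Ok(Self::close(subscription_id));
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
-
-return Ok(Self::close(subscription_id));
 }
 
 // Auth
 // ["AUTH", <event JSON>]
 if v[0] == "AUTH" {
-if v_len != 2 {
+if v_len >= 2 {
+let event = Event::from_value(v[1].clone())?;
+return Ok(Self::new_auth(event));
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-let event = Event::from_value(v[1].clone())?;
-return Ok(Self::new_auth(event));
 }
 
 // Negentropy Open
 // ["NEG-OPEN", <subscription ID string>, <filter>, <idSize>, <initialMessage, lowercase hex-encoded>]
 if v[0] == "NEG-OPEN" {
-if v_len != 5 {
+if v_len >= 5 {
+let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
+let filter: Filter = Filter::from_json(v[2].to_string())?;
+let id_size: u8 =
+v[3].as_u64()
+.ok_or(MessageHandleError::InvalidMessageFormat)? as u8;
+let initial_message: String = serde_json::from_value(v[4].clone())?;
+return Ok(Self::NegOpen {
+subscription_id,
+filter: Box::new(filter),
+id_size,
+initial_message,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
-let filter: Filter = Filter::from_json(v[2].to_string())?;
-let id_size: u8 =
-v[3].as_u64()
-.ok_or(MessageHandleError::InvalidMessageFormat)? as u8;
-let initial_message: String = serde_json::from_value(v[4].clone())?;
-return Ok(Self::NegOpen {
-subscription_id,
-filter: Box::new(filter),
-id_size,
-initial_message,
-});
 }
 
 // Negentropy Message
 // ["NEG-MSG", <subscription ID string>, <message, lowercase hex-encoded>]
 if v[0] == "NEG-MSG" {
-if v_len != 3 {
+if v_len >= 3 {
+let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
+let message: String = serde_json::from_value(v[2].clone())?;
+return Ok(Self::NegMsg {
+subscription_id,
+message,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
-let message: String = serde_json::from_value(v[2].clone())?;
-return Ok(Self::NegMsg {
-subscription_id,
-message,
-});
 }
 
 // Negentropy Close
 // ["NEG-CLOSE", <subscription ID string>]
 if v[0] == "NEG-CLOSE" {
-if v_len != 2 {
+if v_len >= 2 {
+let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
+return Ok(Self::NegClose { subscription_id });
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-let subscription_id: SubscriptionId = serde_json::from_value(v[1].clone())?;
-return Ok(Self::NegClose { subscription_id });
 }
 
 Err(MessageHandleError::InvalidMessageFormat)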
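Review bot: In the NEG-OPEN branch the moved line `.ok_or(MessageHandleError::InvalidMessageFormat)? as u8;` still truncates silently, so a peer-supplied `<idSize>` of 272 would be accepted as 16 rather than rejected. Since the branch is being rewritten anyway, a checked conversion closes that gap: `let id_size: u8 = v[3].as_u64().and_then(|n| u8::try_from(n).ok()).ok_or(MessageHandleError::InvalidMessageFormat)?;`. Separately, every branch here (and in `crates/nostr/src/message/relay/raw.rs`) now ignores whatever follows the expected elements without validating it. A short comment at the first check, e.g. `// Trailing elements are ignored on purpose so over-long messages from peers still parse`, would record that this leniency is intended. The enclosing function begins and ends outside these hunks.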

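--- a/crates/nostr/src/message/relay/raw.rs
+++ b/crates/nostr/src/message/relay/raw.rs
@@ -87,122 +87,123 @@ impl RawRelayMessage {
 // Notice
 // Relay response format: ["NOTICE", <message>]
 if v[0] == "NOTICE" {
-if v_len != 2 {
+if v_len >= 2 {
+return Ok(Self::Notice {
+message: serde_json::from_value(v[1].clone())?,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-return Ok(Self::Notice {
-message: serde_json::from_value(v[1].clone())?,
-});
 }
 
 // Closed
 // Relay response format: ["CLOSED", <subscription_id>, <message>]
 if v[0] == "CLOSED" {
-if v_len != 3 {
+if v_len >= 3 {
+return Ok(Self::Closed {
+subscription_id: serde_json::from_value(v[1].clone())?,
+message: serde_json::from_value(v[2].clone())?,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-return Ok(Self::Closed {
-subscription_id: serde_json::from_value(v[1].clone())?,
-message: serde_json::from_value(v[2].clone())?,
-});
 }
 
 // Event
 // Relay response format: ["EVENT", <subscription id>, <event JSON>]
 if v[0] == "EVENT" {
-if v_len != 3 {
+if v_len >= 3 {
+return Ok(Self::Event {
+subscription_id: serde_json::from_value(v[1].clone())?,
+event: v[2].clone(),
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-return Ok(Self::Event {
-subscription_id: serde_json::from_value(v[1].clone())?,
-event: v[2].clone(),
-});
 }
 
 // EOSE (NIP-15)
 // Relay response format: ["EOSE", <subscription_id>]
 if v[0] == "EOSE" {
-if v_len != 2 {
+if v_len >= 2 {
+let subscription_id: String = serde_json::from_value(v[1].clone())?;
+return Ok(Self::EndOfStoredEvents(subscription_id));
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-let subscription_id: String = serde_json::from_value(v[1].clone())?;
-return Ok(Self::EndOfStoredEvents(subscription_id));
 }
 
 // OK (NIP-20)
 // Relay response format: ["OK", <event_id>, <true|false>, <message>]
 if v[0] == "OK" {
-if v_len != 4 {
+if v_len >= 4 {
+return Ok(Self::Ok {
+event_id: serde_json::from_value(v[1].clone())?,
+status: serde_json::from_value(v[2].clone())?,
+message: serde_json::from_value(v[3].clone())?,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-return Ok(Self::Ok {
-event_id: serde_json::from_value(v[1].clone())?,
-status: serde_json::from_value(v[2].clone())?,
-message: serde_json::from_value(v[3].clone())?,
-});
 }
 
 // OK (NIP-42)
 // Relay response format: ["AUTH", <challenge>]
 if v[0] == "AUTH" {
-if v_len != 2 {
+if v_len >= 2 {
+return Ok(Self::Auth {
+challenge: serde_json::from_value(v[1].clone())?,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-return Ok(Self::Auth {
-challenge: serde_json::from_value(v[1].clone())?,
-});
 }
 
 // Relay response format: ["EVENT", <subscription id>, <event JSON>]
 if v[0] == "COUNT" {
-if v_len != 3 {
+if v_len >= 3 {
+let map = v[2]
+.as_object()
+.ok_or(MessageHandleError::InvalidMessageFormat)?;
+let count: Value = map
+.get("count")
+.ok_or(MessageHandleError::InvalidMessageFormat)?
+.clone();
+let count: usize = serde_json::from_value(count)?;
+
+return Ok(Self::Count {
+subscription_id: serde_json::from_value(v[1].clone())?,
+count,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-let map = v[2]
-.as_object()
-.ok_or(MessageHandleError::InvalidMessageFormat)?;
-let count: Value = map
-.get("count")
-.ok_or(MessageHandleError::InvalidMessageFormat)?
-.clone();
-let count: usize = serde_json::from_value(count)?;
-
-return Ok(Self::Count {
-subscription_id: serde_json::from_value(v[1].clone())?,
-count,
-});
 }
 
 // Negentropy Message
 // ["NEG-MSG", <subscription ID string>, <message, lowercase hex-encoded>]
 if v[0] == "NEG-MSG" {
-if v_len != 3 {
+if v_len >= 3 {
+return Ok(Self::NegMsg {
+subscription_id: serde_json::from_value(v[1].clone())?,
+message: serde_json::from_value(v[2].clone())?,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-return Ok(Self::NegMsg {
-subscription_id: serde_json::from_value(v[1].clone())?,
-message: serde_json::from_value(v[2].clone())?,
-});
 }
 
 // Negentropy Error
 // ["NEG-ERR", <subscription ID string>, <reason-code>]
 if v[0] == "NEG-ERR" {
-if v_len != 3 {
+if v_len >= 3 {
+return Ok(Self::NegErr {
+subscription_id: serde_json::from_value(v[1].clone())?,
+code: serde_json::from_value(v[2].clone())?,
+});
+} else {
 return Err(MessageHandleError::InvalidMessageFormat);
 }
-
-return Ok(Self::NegErr {
-subscription_id: serde_json::from_value(v[1].clone())?,
-code: serde_json::from_value(v[2].clone())?,
-});
 }
 
 Err(MessageHandleError::InvalidMessageFormat)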
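Review bot: The comment above the `COUNT` branch still reads `// Relay response format: ["EVENT", <subscription id>, <event JSON>]`, which does not match what the branch parses, namely an object with a `count` key at index 2. Something like `// Relay response format: ["COUNT", <subscription id>, {"count": <integer>}]` would be accurate, and the `// OK (NIP-42)` heading above the `AUTH` branch looks like a similar copy-paste that could read `// AUTH (NIP-42)`. Because this parser handles input from relays the client does not control, a regression test feeding an over-long `EOSE` array (the case from the commit message) would pin the new tolerance, if one does not already exist outside this section. The enclosing function begins and ends outside this hunk.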
