Skip to content

fix: validate username and truncate worker name at authorize time #197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
average-gary wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix: validate username and truncate worker name at authorize time #197

average-gary wants to merge 3 commits into from
+284 −12

Conversation

@average-gary
Copy link
Contributor

@average-gary average-gary commented Jan 21, 2026

The UserIdentity TLV field has a protocol-specified maximum of 32 bytes. When downstream miners send mining.authorize with long worker names, the translator would panic on unwrap().

This fix:

  • Rejects mining.authorize if the username portion (before the dot) exceeds 32 bytes, as this indicates an invalid configuration
  • Truncates only the worker name portion if the total length exceeds 32 bytes, preserving the username
  • Adds defensive error handling in sv1_server.rs as a fallback

@average-gary average-gary force-pushed the fix/user-identity-validate-authorize branch from 67bf1cf to 190ec4c Compare January 21, 2026 19:20
@average-gary
Copy link
Contributor Author

average-gary commented Jan 21, 2026

Rebased onto #162

Pr ot that branch here:
Shourya742#1

@average-gary average-gary force-pushed the fix/user-identity-validate-authorize branch from 190ec4c to 30d4718 Compare January 22, 2026 17:06
gimballock
gimballock reviewed Jan 22, 2026
View reviewed changes
miner-apps/translator/src/lib/sv1/sv1_server/downstream_message_handler.rs
MAX_USER_IDENTITY_LENGTH,
username.len()
);
return false;
Copy link

@gimballock gimballock Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a more specific error type we should use here?

Copy link
Contributor Author

@average-gary average-gary Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The return type is defined upstream in stratum_core::sv2_api

@average-gary
fix: validate username and truncate worker name at authorize time
d01972d 
The UserIdentity TLV field has a protocol-specified maximum of 32 bytes.
When downstream miners send mining.authorize with long worker names,
the translator would panic on unwrap().

This fix:
- Rejects mining.authorize if the username portion (before the dot)
  exceeds 32 bytes, as this indicates an invalid configuration
- Truncates only the worker name portion if the total length exceeds
  32 bytes, preserving the username
- Adds defensive error handling in sv1_server.rs as a fallback
@average-gary
test: add integration tests for long worker name truncation
99bbd38
@average-gary
fix: use UTF-8 safe truncation for user identity
9583132 
Byte-slicing a string (e.g., &name[..32]) can panic if the index falls
within a multi-byte UTF-8 character. Use is_char_boundary() to find a
safe truncation point. Also removes an unnecessary .clone() on String.
@average-gary average-gary force-pushed the fix/user-identity-validate-authorize branch from 8acdf30 to 9583132 Compare January 23, 2026 15:16
@GitGab19
Copy link
Member

GitGab19 commented Jan 27, 2026

I think we have some misconceptions, and that's probably due to how we called and managed some fields in the DownstreamData in the past.

We currently have authorized_worker_name and user_identity there, but we are currently setting both values with the same string we receive from the mining.authorize message.

Here the changes I would apply:

  • rename authorized_worker_name into worker_name_from_authorize to better reflect that this field contains the exact string we receive from the Sv1 mining.authorize
  • assign to user_identity only the suffix part of what we receive from the Sv1 mining.authorize (e.g. in case of gitgab.worker1 the user_identity will contain only worker1)
    • if there's no . delimiter, assign the same value as authorized_worker_name
  • we don't check the length of any of these fields in the authorize step of the initial "Sv1 handshake", because we don't even know if we need to use the extension or not there
  • in the Sv1Server, where we create the TLV using the user_identity field of the DownstreamData we handle the result and, if we get an error from the new() (the check on the length is already made there), we return an error and we disconnect the client

Does it make sense to you @average-gary ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gimballock gimballock gimballock left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@average-gary @GitGab19 @gimballock