restict size of address and topics

Author: 317787106

framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java

@@ -35,6 +35,8 @@ public class LogFilter {
   @Setter
   private Bloom[][] filterBlooms;
 
+  private final int maxTopicDepth = 4;
+  private final int maxSubWidth = 20;
 
   public LogFilter() {
   }
@@ -58,6 +60,9 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException {
               String.format("invalid address at index %d: %s", i, s));
         }
       }
+      if (addr.size() > maxSubWidth) {
+        throw new JsonRpcInvalidParamsException("address size should be <= " + maxSubWidth);
+      }
       withContractAddress(addr.toArray(new byte[addr.size()][]));
 
     } else if (fr.getAddress() != null) {
@@ -66,8 +71,8 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException {
 
     if (fr.getTopics() != null) {
       //restrict depth of topics, because event has a signature and most 3 indexed parameters
-      if (fr.getTopics().length > 4) {
-        throw new JsonRpcInvalidParamsException("topics size should be <= 4");
+      if (fr.getTopics().length > maxTopicDepth) {
+        throw new JsonRpcInvalidParamsException("topics size should be <= " + maxTopicDepth);
       }
       for (Object topic : fr.getTopics()) {
         if (topic == null) {
@@ -88,6 +93,9 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException {
               throw new JsonRpcInvalidParamsException("invalid topic(s): " + s);
             }
           }
+          if (t.size() > maxSubWidth) {
+            throw new JsonRpcInvalidParamsException("topics' width should be <= " + maxSubWidth);
+          }
           withTopic(t.toArray(new byte[t.size()][]));
         } else {
           throw new JsonRpcInvalidParamsException("invalid topic(s)");

framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java

@@ -240,6 +240,21 @@ public void testLogFilter() {
     } catch (JsonRpcInvalidParamsException e) {
       Assert.assertTrue(e.getMessage().contains("invalid address"));
     }
+
+    //address width should be <= 20
+
+    //topic's width should be <= 20
+    List<String> subTopics = new ArrayList<>();
+    for (int i = 0; i < 100; i++) {
+      subTopics.add("0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef");
+    }
+    Object[] topics = new Object[1];
+    topics[0] = subTopics;
+    try {
+      new LogFilter(new FilterRequest(null, null, null, topics, null));
+    } catch (JsonRpcInvalidParamsException e) {
+      Assert.assertEquals("topics' width should be <= 20", e.getMessage());
+    }
   }
 
   private int[] getBloomIndex(String s) {