From 1a20ab968f6fb6baffa69fb21929e7f62f031d6e Mon Sep 17 00:00:00 2001
From: Trent Nelson
Date: Sat, 13 Feb 2021 00:13:29 -0700
Subject: [PATCH] sdk: sanitize `Hash` base58 input
---
 sdk/program/src/hash.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/sdk/program/src/hash.rs b/sdk/program/src/hash.rs
index 93095db63b..e75bec7cbe 100644
--- a/sdk/program/src/hash.rs
+++ b/sdk/program/src/hash.rs
@@ -6,6 +6,8 @@ use std::{convert::TryFrom, fmt, mem, str::FromStr};
 use thiserror::Error;
 pub const HASH_BYTES: usize = 32;
+/// Maximum string length of a base58 encoded hash
+const MAX_BASE58_LEN: usize = 44;
 #[derive(
 Serialize, Deserialize, Clone, Copy, Default, Eq, PartialEq, Ord, PartialOrd, Hash, AbiExample,
 )]
@@ -65,6 +67,9 @@ impl FromStr for Hash {
 type Err = ParseHashError;
 fn from_str(s: &str) -> Result {
+ if s.len() > MAX_BASE58_LEN {
+ return Err(ParseHashError::WrongSize);
+ }
 let bytes = bs58::decode(s)
 .into_vec()
 .map_err(|_| ParseHashError::Invalid)?;
@@ -173,6 +178,13 @@ mod tests {
 Err(ParseHashError::WrongSize)
 );
+ let input_too_big = bs58::encode(&[0xffu8; HASH_BYTES + 1]).into_string();
+ assert!(input_too_big.len() > MAX_BASE58_LEN);
+ assert_eq!(
+ input_too_big.parse::(),
+ Err(ParseHashError::WrongSize)
+ );
+
 let mut hash_base58_str = bs58::encode(hash.0).into_string();
 assert_eq!(hash_base58_str.parse::(), Ok(hash));
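Review bot: The doc comment on `MAX_BASE58_LEN` states the value 44 without tying it to `HASH_BYTES`, so the bound can silently go stale if the hash width ever changes. 44 is the length of the longest base58 encoding of a 32-byte value, and the comment should say so, for example `/// Maximum string length of a base58 encoded hash (longest encoding of HASH_BYTES = 32 bytes)`. Because `from_str` uses this constant to reject input before decoding, a value that is too small would turn valid hashes into parse errors.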
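Review bot: The early return at the top of `from_str` has no comment saying why the length is checked before decoding, and it changes which error an over-long string produces. `s.len()` is a byte count and the guard runs ahead of `bs58::decode`, so an over-long input that also contains non-base58 characters now yields `WrongSize` rather than `Invalid`; callers that branch on the variant should be aware of that ordering. A comment such as `// Reject over-long input before decoding so untrusted strings cannot drive decode work or allocation; length is checked before alphabet validity` would record both facts. The guard is only an upper bound, since a string of 44 characters or fewer can still decode to the wrong number of bytes, so the size check that presumably follows the decode is still required; the rest of `from_str` lies outside this hunk.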
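Review bot: The new assertions cover only the reject side of the bound; nothing here checks that the longest valid encoding still fits under `MAX_BASE58_LEN` and parses. If the constant were set too low, valid hashes would be rejected and this test would still pass, because the visible round-trip uses `hash`, whose encoded length is not pinned. I would add the boundary case next to the new block: `let max_hash = bs58::encode(&[0xffu8; HASH_BYTES]).into_string();`, `assert!(max_hash.len() <= MAX_BASE58_LEN);` and `assert!(max_hash.parse::<Hash>().is_ok());`. The enclosing test function starts and ends outside this hunk.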