Sanitize base58 pubkeys and sigs (bp #14708) (#14711)

* SDK: Sanitize base58 pubkey input (cherry picked from commit 250b3969d4) * SDK: Sanitize base58 signature input (cherry picked from commit 2783aee483) Co-authored-by: Trent Nelson <trent@solana.com>
2021-01-21 02:37:50 +00:00
parent 6ae51ec5c3
commit 9dd5d4407b
2 changed files with 35 additions and 0 deletions
--- a/sdk/program/src/pubkey.rs
+++ b/sdk/program/src/pubkey.rs
@ -9,6 +9,8 @@ pub const PUBKEY_BYTES: usize = 32;
 pub const MAX_SEED_LEN: usize = 32;
 /// Maximum number of seeds
 pub const MAX_SEEDS: usize = 16;
+/// Maximum string length of a base58 encoded pubkey
+const MAX_BASE58_LEN: usize = 44;

 #[derive(Error, Debug, Serialize, Clone, PartialEq, FromPrimitive, ToPrimitive)]
 pub enum PubkeyError {
@ -58,6 +60,9 @@ impl FromStr for Pubkey {
    type Err = ParsePubkeyError;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        if s.len() > MAX_BASE58_LEN {
+            return Err(ParsePubkeyError::WrongSize);
+        }
        let pubkey_vec = bs58::decode(s)
            .into_vec()
            .map_err(|_| ParsePubkeyError::Invalid)?;
@ -336,6 +341,13 @@ mod tests {
            pubkey_base58_str.parse::<Pubkey>(),
            Err(ParsePubkeyError::Invalid)
        );
+
+        // too long input string
+        // longest valid encoding
+        let mut too_long = bs58::encode(&[255u8; PUBKEY_BYTES]).into_string();
+        // and one to grow on
+        too_long.push('1');
+        assert_eq!(too_long.parse::<Pubkey>(), Err(ParsePubkeyError::WrongSize));
    }

    #[test]
--- a/sdk/src/signature.rs
+++ b/sdk/src/signature.rs
@ -58,6 +58,11 @@ impl Keypair {
    }
 }

+/// Number of bytes in a signature
+pub const SIGNATURE_BYTES: usize = 64;
+/// Maximum string length of a base58 encoded signature
+const MAX_BASE58_SIGNATURE_LEN: usize = 88;
+
 #[repr(transparent)]
 #[derive(
    Serialize, Deserialize, Clone, Copy, Default, Eq, PartialEq, Ord, PartialOrd, Hash, AbiExample,
@ -138,6 +143,9 @@ impl FromStr for Signature {
    type Err = ParseSignatureError;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        if s.len() > MAX_BASE58_SIGNATURE_LEN {
+            return Err(ParseSignatureError::WrongSize);
+        }
        let bytes = bs58::decode(s)
            .into_vec()
            .map_err(|_| ParseSignatureError::Invalid)?;
@ -521,6 +529,21 @@ mod tests {
            signature_base58_str.parse::<Signature>(),
            Err(ParseSignatureError::Invalid)
        );
+
+        // too long input string
+        // longest valid encoding
+        let mut too_long: GenericArray<u8, U64> = GenericArray::default();
+        // *sigh*
+        for i in &mut too_long {
+            *i = 255u8;
+        }
+        let mut too_long = bs58::encode(too_long).into_string();
+        // and one to grow on
+        too_long.push('1');
+        assert_eq!(
+            too_long.parse::<Signature>(),
+            Err(ParseSignatureError::WrongSize)
+        );
    }

    #[test]