From ac07fb392d15f14d82732e9b2e53a0ac4dd27ba4 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Wed, 16 Sep 2020 21:09:20 +0000
Subject: [PATCH] Fix off-by-one max payload checks (bp #12230) (#12284)

* Fix off-by-one max payload checks

(cherry picked from commit f6cda2579ffa562eaf7d537fb93a7553c68a8270)

# Conflicts:
#	faucet/src/faucet.rs

* Update faucet.rs

Co-authored-by: Justin Starry <justin@solana.com>
Co-authored-by: Michael Vines <mvines@gmail.com>
---
 bench-streamer/src/main.rs | 2 +-
 core/src/rpc.rs            | 2 +-
 faucet/src/faucet.rs       | 2 +-
 perf/src/sigverify.rs      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bench-streamer/src/main.rs b/bench-streamer/src/main.rs
index d3c776721d..4ab14153a5 100644
--- a/bench-streamer/src/main.rs
+++ b/bench-streamer/src/main.rs
@@ -27,7 +27,7 @@ fn producer(addr: &SocketAddr, exit: Arc<AtomicBool>) -> JoinHandle<()> {
         let mut num = 0;
         for p in &msgs.packets {
             let a = p.meta.addr();
-            assert!(p.meta.size < PACKET_DATA_SIZE);
+            assert!(p.meta.size <= PACKET_DATA_SIZE);
             send.send_to(&p.data[..p.meta.size], &a).unwrap();
             num += 1;
         }
diff --git a/core/src/rpc.rs b/core/src/rpc.rs
index 70625a0cfb..84e65a124c 100644
--- a/core/src/rpc.rs
+++ b/core/src/rpc.rs
@@ -2452,7 +2452,7 @@ fn deserialize_bs58_transaction(bs58_transaction: String) -> Result<(Vec<u8>, Tr
     let wire_transaction = bs58::decode(bs58_transaction)
         .into_vec()
         .map_err(|e| Error::invalid_params(format!("{:?}", e)))?;
-    if wire_transaction.len() >= PACKET_DATA_SIZE {
+    if wire_transaction.len() > PACKET_DATA_SIZE {
         let err = format!(
             "transaction too large: {} bytes (max: {} bytes)",
             wire_transaction.len(),
diff --git a/faucet/src/faucet.rs b/faucet/src/faucet.rs
index e090d39686..d3c9587327 100644
--- a/faucet/src/faucet.rs
+++ b/faucet/src/faucet.rs
@@ -219,7 +219,7 @@ pub fn request_airdrop_transaction(
         Err(Error::new(ErrorKind::Other, "Airdrop failed"))
     })?;
     let transaction_length = LittleEndian::read_u16(&buffer) as usize;
-    if transaction_length >= PACKET_DATA_SIZE {
+    if transaction_length > PACKET_DATA_SIZE || transaction_length == 0 {
         return Err(Error::new(
             ErrorKind::Other,
             format!(
diff --git a/perf/src/sigverify.rs b/perf/src/sigverify.rs
index 44f0cf226b..979c8eafda 100644
--- a/perf/src/sigverify.rs
+++ b/perf/src/sigverify.rs
@@ -598,7 +598,7 @@ mod tests {
         tx0.message.instructions[0].data = vec![1, 2, 3];
         let message0a = tx0.message_data();
         let tx_bytes = serialize(&tx0).unwrap();
-        assert!(tx_bytes.len() < PACKET_DATA_SIZE);
+        assert!(tx_bytes.len() <= PACKET_DATA_SIZE);
         assert_eq!(
             memfind(&tx_bytes, &tx0.signatures[0].as_ref()),
             Some(SIG_OFFSET)