From cefd948267c6d16b317f7c15feb653a7725a3f1b Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Sat, 18 Jul 2015 01:47:17 +0200 Subject: rlp: reject trailing data when using DecodeBytes --- rlp/decode.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'rlp/decode.go') diff --git a/rlp/decode.go b/rlp/decode.go index 4462d4be4..f17690522 100644 --- a/rlp/decode.go +++ b/rlp/decode.go @@ -110,9 +110,17 @@ func Decode(r io.Reader, val interface{}) error { // DecodeBytes parses RLP data from b into val. // Please see the documentation of Decode for the decoding rules. +// The input must contain exactly one value and no trailing data. func DecodeBytes(b []byte, val interface{}) error { // TODO: this could use a Stream from a pool. - return NewStream(bytes.NewReader(b), uint64(len(b))).Decode(val) + r := bytes.NewReader(b) + if err := NewStream(r, uint64(len(b))).Decode(val); err != nil { + return err + } + if r.Len() > 0 { + return ErrMoreThanOneValue + } + return nil } type decodeError struct { @@ -517,6 +525,10 @@ var ( ErrElemTooLarge = errors.New("rlp: element is larger than containing list") ErrValueTooLarge = errors.New("rlp: value size exceeds available input length") + // This error is reported by DecodeBytes if the slice contains + // additional data after the first RLP value. + ErrMoreThanOneValue = errors.New("rlp: input contains more than one value") + // internal errors errNotInList = errors.New("rlp: call of ListEnd outside of any list") errNotAtEOL = errors.New("rlp: call of ListEnd not positioned at EOL") -- cgit v1.2.3 From 345590f27f81517fd7b560a3fafb0a2c8b498094 Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Sat, 18 Jul 2015 16:13:20 +0200 Subject: rlp: fix check for canonical byte array size Decoding did not reject byte arrays of length one with a single element b where 55 < b < 128. Such byte arrays must be rejected because they must be encoded as the single byte b instead. --- rlp/decode.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'rlp/decode.go') diff --git a/rlp/decode.go b/rlp/decode.go index f17690522..cc402fc94 100644 --- a/rlp/decode.go +++ b/rlp/decode.go @@ -361,7 +361,7 @@ func decodeByteArray(s *Stream, val reflect.Value) error { return err } // Reject cases where single byte encoding should have been used. - if size == 1 && slice[0] < 56 { + if size == 1 && slice[0] < 128 { return wrapStreamError(ErrCanonSize, val.Type()) } case List: @@ -623,7 +623,7 @@ func (s *Stream) Bytes() ([]byte, error) { if err = s.readFull(b); err != nil { return nil, err } - if size == 1 && b[0] < 56 { + if size == 1 && b[0] < 128 { return nil, ErrCanonSize } return b, nil @@ -687,7 +687,7 @@ func (s *Stream) uint(maxbits int) (uint64, error) { return 0, ErrCanonInt case err != nil: return 0, err - case size > 0 && v < 56: + case size > 0 && v < 128: return 0, ErrCanonSize default: return v, nil -- cgit v1.2.3 From 3f047be5aa93b6222506445414ca909dd59c7eeb Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Wed, 22 Jul 2015 18:48:40 +0200 Subject: all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". --- rlp/decode.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'rlp/decode.go') diff --git a/rlp/decode.go b/rlp/decode.go index cc402fc94..f27dcebc3 100644 --- a/rlp/decode.go +++ b/rlp/decode.go @@ -1,18 +1,18 @@ // Copyright 2014 The go-ethereum Authors -// This file is part of go-ethereum. +// This file is part of the go-ethereum library. // // go-ethereum is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // -// go-ethereum is distributed in the hope that it will be useful, +// The go-ethereum library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License -// along with go-ethereum. If not, see . +// along with the go-ethereum library. If not, see . package rlp -- cgit v1.2.3 From bfbcfbe4a9dd9125391b56d6a13158cc5ec71c89 Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Thu, 23 Jul 2015 18:35:11 +0200 Subject: all: fix license headers one more time I forgot to update one instance of "go-ethereum" in commit 3f047be5a. --- rlp/decode.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rlp/decode.go') diff --git a/rlp/decode.go b/rlp/decode.go index f27dcebc3..c0b5f0699 100644 --- a/rlp/decode.go +++ b/rlp/decode.go @@ -1,7 +1,7 @@ // Copyright 2014 The go-ethereum Authors // This file is part of the go-ethereum library. // -// go-ethereum is free software: you can redistribute it and/or modify +// The go-ethereum library is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. -- cgit v1.2.3