Improve BlocksByRangeMessage validation (#9085)

* improve BlocksByRangeMessage validation * additional check and tests
Consensys · Feb 5, 2025 · 6748b5d · 6748b5d
1 parent 0bdd5b6
commit 6748b5d
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 5 deletions.
diff --git a/...gasys/teku/networking/eth2/rpc/beaconchain/methods/BeaconBlocksByRangeMessageHandler.java b/...gasys/teku/networking/eth2/rpc/beaconchain/methods/BeaconBlocksByRangeMessageHandler.java
@@ -80,8 +80,15 @@ public BeaconBlocksByRangeMessageHandler(
   public Optional<RpcException> validateRequest(
       final String protocolId, final BeaconBlocksByRangeRequestMessage request) {
     final int version = BeaconChainMethodIds.extractBeaconBlocksByRangeVersion(protocolId);
-    final SpecMilestone latestMilestoneRequested =
-        spec.getForkSchedule().getSpecMilestoneAtSlot(request.getMaxSlot());
+    final SpecMilestone latestMilestoneRequested;
+    try {
+      latestMilestoneRequested =
+          spec.getForkSchedule().getSpecMilestoneAtSlot(request.getMaxSlot());
+    } catch (final ArithmeticException __) {
+      return Optional.of(
+          new RpcException(INVALID_REQUEST_CODE, "Requested slot is too far in the future"));
+    }
+
     final boolean isAltairActive =
         latestMilestoneRequested.isGreaterThanOrEqualTo(SpecMilestone.ALTAIR);
 
@@ -95,10 +102,18 @@ public Optional<RpcException> validateRequest(
       return Optional.of(new RpcException(INVALID_REQUEST_CODE, "Step must be greater than zero"));
     }
 
-    final UInt64 maxRequestBlocks =
-        spec.forMilestone(latestMilestoneRequested).miscHelpers().getMaxRequestBlocks();
+    final int maxRequestBlocks =
+        spec.forMilestone(latestMilestoneRequested).miscHelpers().getMaxRequestBlocks().intValue();
+
+    int requestedCount;
+    try {
+      requestedCount = request.getCount().intValue();
+    } catch (final ArithmeticException __) {
+      // handle overflows
+      requestedCount = -1;
+    }
 
-    if (request.getCount().isGreaterThan(maxRequestBlocks)) {
+    if (requestedCount == -1 || requestedCount > maxRequestBlocks) {
       requestCounter.labels("count_too_big").inc();
       return Optional.of(
           new RpcException(

diff --git a/...s/teku/networking/eth2/rpc/beaconchain/methods/BeaconBlocksByRangeMessageHandlerTest.java b/...s/teku/networking/eth2/rpc/beaconchain/methods/BeaconBlocksByRangeMessageHandlerTest.java
@@ -192,6 +192,41 @@ public void validateRequest_shouldRejectRequestWhenCountIsTooBig() {
                 "Only a maximum of 1024 blocks can be requested per request"));
   }
 
+  @Test
+  public void validateRequest_shouldRejectRequestWhenCountIsTooBigDueToIntOverflow() {
+    final int startBlock = 15;
+    final int skip = 1;
+
+    final Optional<RpcException> result =
+        handler.validateRequest(
+            protocolId,
+            new BeaconBlocksByRangeRequestMessage(
+                UInt64.valueOf(startBlock),
+                UInt64.valueOf(((long) Integer.MAX_VALUE) + 1),
+                UInt64.valueOf(skip)));
+
+    assertThat(result)
+        .hasValue(
+            new RpcException(
+                INVALID_REQUEST_CODE,
+                "Only a maximum of 1024 blocks can be requested per request"));
+  }
+
+  @Test
+  public void validateRequest_shouldRejectRequestWhenGetMaxSlotOverflows() {
+    final int skip = 1;
+
+    final Optional<RpcException> result =
+        handler.validateRequest(
+            protocolId,
+            new BeaconBlocksByRangeRequestMessage(
+                UInt64.MAX_VALUE, UInt64.valueOf(10), UInt64.valueOf(skip)));
+
+    assertThat(result)
+        .hasValue(
+            new RpcException(INVALID_REQUEST_CODE, "Requested slot is too far in the future"));
+  }
+
   @Test
   public void validateRequest_shouldRejectRequestWhenCountIsTooBigForDeneb() {
     final int startBlock = 15;