Skip to content

Commit

Permalink
sp-trie: minor fix to avoid possible panic during node decoding (pari…
Browse files Browse the repository at this point in the history
…tytech#6486)

# Description

This PR is a simple fix consisting of adding a check to the process of
decoding nodes of a storage proof to avoid panicking when receiving
badly-constructed proofs, returning an error instead.

This would close paritytech#6485

## Integration

No changes have to be done downstream, and as such the version bump
should be minor.

---------

Co-authored-by: Bastian Köcher <[email protected]>
  • Loading branch information
2 people authored and dudo50 committed Jan 4, 2025
1 parent 804c910 commit 4ea8fd7
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
10 changes: 10 additions & 0 deletions prdoc/pr_6486.prdoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
title: "sp-trie: minor fix to avoid panic on badly-constructed proof"

doc:
- audience: ["Runtime Dev", "Runtime User"]
description: |
"Added a check when decoding encoded proof nodes in `sp-trie` to avoid panicking when receiving a badly constructed proof, instead erroring out."

crates:
- name: sp-trie
bump: patch
8 changes: 8 additions & 0 deletions substrate/primitives/trie/src/node_codec.rs
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ where
NodeHeader::Null => Ok(NodePlan::Empty),
NodeHeader::HashedValueBranch(nibble_count) | NodeHeader::Branch(_, nibble_count) => {
let padding = nibble_count % nibble_ops::NIBBLE_PER_BYTE != 0;
// data should be at least the size of the offset
if data.len() < input.offset {
return Err(Error::BadFormat)
}
// check that the padding is valid (if any)
if padding && nibble_ops::pad_left(data[input.offset]) != 0 {
return Err(Error::BadFormat)
Expand Down Expand Up @@ -154,6 +158,10 @@ where
},
NodeHeader::HashedValueLeaf(nibble_count) | NodeHeader::Leaf(nibble_count) => {
let padding = nibble_count % nibble_ops::NIBBLE_PER_BYTE != 0;
// data should be at least the size of the offset
if data.len() < input.offset {
return Err(Error::BadFormat)
}
// check that the padding is valid (if any)
if padding && nibble_ops::pad_left(data[input.offset]) != 0 {
return Err(Error::BadFormat)
Expand Down

0 comments on commit 4ea8fd7

Please sign in to comment.