mirrors/tendermint
1
0
Fork 0
mirror of https://github.com/tendermint/tendermint.git synced 2026-01-07 13:55:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8ba6d218e45b60db9c7dedc13b0dbaba6dbc0d99
tendermint/p2p/conn
History
mergify[bot] 358b1f23c0 p2p/conn: check for channel id overflow before processing receive msg (backport #6522) (#6528) 
* p2p/conn: check for channel id overflow before processing receive msg (#6522)

Per tendermint spec, each Channel has a globally unique byte id, which
is mapped to uint8 in Go. However, the proto PacketMsg.ChannelID field
is declared as int32, and when receive the packet, we cast it to a byte
without checking for possible overflow. That leads to a malform packet
with invalid channel id is sent successfully.

To fix it, we just add a check for possible overflow, and return invalid
channel id error.

Fixed #6521

(cherry picked from commit 1f46a4c90e)
2021-06-04 20:20:36 -04:00
..
testdata
p2p: Add test vectors for deriving secrets (#2120)
2018-08-01 15:06:29 -04:00
conn_go110.go
Revert "delete everything" (includes everything non-go-crypto)
2018-06-20 17:35:30 -07:00
conn_notgo110.go
Revert "delete everything" (includes everything non-go-crypto)
2018-06-20 17:35:30 -07:00
connection_test.go
p2p/conn: check for channel id overflow before processing receive msg (backport #6522) (#6528)
2021-06-04 20:20:36 -04:00
connection.go
p2p/conn: check for channel id overflow before processing receive msg (backport #6522) (#6528)
2021-06-04 20:20:36 -04:00
evil_secret_connection_test.go
proto: folder structure adhere to buf (#5025)
2020-06-22 10:00:51 +02:00
secret_connection_test.go
fix lint failures with 1.31 (#5489)
2020-10-22 13:36:08 +02:00
secret_connection.go
rpc/jsonrpc/server: return an error in WriteRPCResponseHTTP(Error) (bp #6204) (#6230)
2021-03-17 14:55:05 +00:00