cid-sec: fix bitswap strom caused by insecure CIDs

When we introduced CID security we didn't take into account that bitswap might repeatly try getting the objects from the network if it fails putting them into the blockstore. Solution from this is not requesting those objects from bitswap. The proper solution of failing at CID creation will make in much more cleaner in future. License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>

cid-sec: fix bitswap strom caused by insecure CIDs
When we introduced CID security we didn't take into account that bitswap might repeatly try getting the objects from the network if it fails putting them into the blockstore. Solution from this is not requesting those objects from bitswap. The proper solution of failing at CID creation will make in much more cleaner in future. License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
fab4b5ed · Jakub Sztandera · 1793868c · fab4b5ed
Commit fab4b5ed authored Apr 18, 2018 by Jakub Sztandera
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

blockservice.go blockservice.go +13 -6

No files found.
--- a/blockservice.go
+++ b/blockservice.go
@@ -251,15 +251,22 @@ func (s *blockService) GetBlocks(ctx context.Context, ks []*cid.Cid) <-chan bloc
 func getBlocks(ctx context.Context, ks []*cid.Cid, bs blockstore.Blockstore, f exchange.Fetcher) <-chan blocks.Block {
 	out := make(chan blocks.Block)
-	for _, c := range ks {
-		// hash security
-		if err := verifcid.ValidateCid(c); err != nil {
-			log.Errorf("unsafe CID (%s) passed to blockService.GetBlocks: %s", c, err)
-		}
-	}
 	go func() {
 		defer close(out)
+		k := 0
+		for _, c := range ks {
+			// hash security
+			if err := verifcid.ValidateCid(c); err == nil {
+				ks[k] = c
+				k++
+			} else {
+				log.Errorf("unsafe CID (%s) passed to blockService.GetBlocks: %s", c, err)
+			}
+		}
+		ks = ks[:k]
 		var misses []*cid.Cid
 		for _, c := range ks {
 			hit, err := bs.Get(c)