cid-sec: fix bitswap strom caused by insecure CIDs

When we introduced CID security we didn't take into account that bitswap
might repeatly try getting the objects from the network if it fails
putting them into the blockstore.

Solution from this is not requesting those objects from bitswap.
The proper solution of failing at CID creation will make in much more
cleaner in future.

License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>

blockservice/blockservice.go

@@ -251,15 +251,22 @@ func (s *blockService) GetBlocks(ctx context.Context, ks []*cid.Cid) <-chan bloc
 
 func getBlocks(ctx context.Context, ks []*cid.Cid, bs blockstore.Blockstore, f exchange.Fetcher) <-chan blocks.Block {
 	out := make(chan blocks.Block)
-	for _, c := range ks {
-		// hash security
-		if err := verifcid.ValidateCid(c); err != nil {
-			log.Errorf("unsafe CID (%s) passed to blockService.GetBlocks: %s", c, err)
-		}
-	}
 
 	go func() {
 		defer close(out)
+
+		k := 0
+		for _, c := range ks {
+			// hash security
+			if err := verifcid.ValidateCid(c); err == nil {
+				ks[k] = c
+				k++
+			} else {
+				log.Errorf("unsafe CID (%s) passed to blockService.GetBlocks: %s", c, err)
+			}
+		}
+		ks = ks[:k]
+
 		var misses []*cid.Cid
 		for _, c := range ks {
 			hit, err := bs.Get(c)