Merge pull request #113 from libp2p/fix/no-arbitrary-data

ensure we don't store arbitrary data

Merge pull request #113 from libp2p/fix/no-arbitrary-data
ensure we don't store arbitrary data
d2378be3 · Steven Allen · GitHub · 3fc048d4 · 81771537 · d2378be3
Unverified Commit d2378be3 authored Jan 20, 2018 by Steven Allen Committed by GitHub Jan 20, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 78 additions and 0 deletions

handlers.go handlers.go +13 -0

handlers_test.go handlers_test.go +65 -0

No files found.
--- a/handlers.go
+++ b/handlers.go
@@ -152,6 +152,18 @@ func (dht *IpfsDHT) checkLocalDatastore(k string) (*recpb.Record, error) {
 	return rec, nil
 }

+// Cleans the record (to avoid storing arbitrary data).
+func cleanRecord(rec *recpb.Record) {
+	rec.XXX_unrecognized = nil
+	rec.TimeReceived = nil
+
+	// Only include the author if there's a signature (otherwise, it's
+	// unvalidated and could be anything).
+	if len(rec.Signature) == 0 {
+		rec.Author = nil
+	}
+}
+
 // Store a value in this peer local storage
 func (dht *IpfsDHT) handlePutValue(ctx context.Context, p peer.ID, pmes *pb.Message) (_ *pb.Message, err error) {
 	eip := log.EventBegin(ctx, "handlePutValue", p)
@@ -169,6 +181,7 @@ func (dht *IpfsDHT) handlePutValue(ctx context.Context, p peer.ID, pmes *pb.Mess
 		log.Infof("Got nil record from: %s", p.Pretty())
 		return nil, errors.New("nil record")
 	}
+	cleanRecord(rec)

 	if err = dht.verifyRecordLocally(rec); err != nil {
 		log.Warningf("Bad dht record in PUT from: %s. %s", peer.ID(pmes.GetRecord().GetAuthor()), err)

--- a/handlers_test.go
+++ b/handlers_test.go
+package dht
+
+import (
+	"bytes"
+	"testing"
+
+	proto "github.com/gogo/protobuf/proto"
+	recpb "github.com/libp2p/go-libp2p-record/pb"
+)
+
+func TestCleanRecordSigned(t *testing.T) {
+	actual := new(recpb.Record)
+	actual.TimeReceived = proto.String("time")
+	actual.XXX_unrecognized = []byte("extra data")
+	actual.Signature = []byte("signature")
+	actual.Author = proto.String("author")
+	actual.Value = []byte("value")
+	actual.Key = proto.String("key")
+
+	cleanRecord(actual)
+	actualBytes, err := proto.Marshal(actual)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := new(recpb.Record)
+	expected.Signature = []byte("signature")
+	expected.Author = proto.String("author")
+	expected.Value = []byte("value")
+	expected.Key = proto.String("key")
+	expectedBytes, err := proto.Marshal(expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(actualBytes, expectedBytes) {
+		t.Error("failed to clean record")
+	}
+}
+
+func TestCleanRecord(t *testing.T) {
+	actual := new(recpb.Record)
+	actual.TimeReceived = proto.String("time")
+	actual.XXX_unrecognized = []byte("extra data")
+	actual.Key = proto.String("key")
+	actual.Value = []byte("value")
+
+	cleanRecord(actual)
+	actualBytes, err := proto.Marshal(actual)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expected := new(recpb.Record)
+	expected.Key = proto.String("key")
+	expected.Value = []byte("value")
+	expectedBytes, err := proto.Marshal(expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(actualBytes, expectedBytes) {
+		t.Error("failed to clean record")
+	}
+}