forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-02-26 07:37:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

ethapi: reject oversize storage keys before hex decode (#32750)

Browse source 
Bail out of decodeHash when the raw hex string is longer than 32 byte before actually decoding.
---------

Co-authored-by: lightclient <lightclient@protonmail.com>
This commit is contained in:
Matus Kysel 2025-09-26 15:12:28 +02:00 committed by GitHub
parent a8f7965d58
commit 2e2fece0bb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
internal/ethapi/api.go
View file

@ -449,13 +449,13 @@ func decodeHash(s string) (h common.Hash, inputLength int, err error) {
if (len(s) & 1) > 0 {
s = "0" + s
}
if len(s) > 64 {
return common.Hash{}, len(s) / 2, errors.New("hex string too long, want at most 32 bytes")
}
b, err := hex.DecodeString(s)
if err != nil {
return common.Hash{}, 0, errors.New("hex string invalid")
}
if len(b) > 32 {
return common.Hash{}, len(b), errors.New("hex string too long, want at most 32 bytes")
}
return common.BytesToHash(b), len(b), nil
}