make-github-pseudonymous-again
commented
4 years ago @KrishnaPG Can you explain what is your use case here? What is the code that would trigger this error?
Closed KrishnaPG closed 3 years ago
make-github-pseudonymous-again
commented
4 years ago @KrishnaPG Can you explain what is your use case here? What is the code that would trigger this error?
KrishnaPG
commented
4 years ago When node IDs are creating using different length strings (obtained from third party database), the whole app crashes when lookup is performed. https://github.com/mafintosh/dht-rpc/blob/b6daae9f8979ff4a6949dc92991685b355ad1b3c/lib/query-stream.js#L81
Since the lookup code has no control over the thrown error, it cannot be handled at the app level.
Ignore the node, or just not adding the peer to the discovered list of items is a more suited solution.
mafintosh
commented
4 years ago That line only gets 32 byte ids. I think we are guarding the ids from any untrusted source, do you have test case where that isn’t the case?
mafintosh
commented
3 years ago v5 has a lot of checks in addition to my above comment, feel free to reopen with a test case
Giving Infohash (from torrent) of length 20bytes crashes this package. While infohashes may not be compatible, just crashing the whole app on differences over the length of the key may not be the best idea, since the data / key could be coming from any third party and handling the error is more better solution. Below is crash stack:
Handling the exception here to ignore it could make the app more robust: https://github.com/mafintosh/dht-rpc/blob/a7752605bb18bf622a5e152bc4762b49f6525cda/lib/query-table.js#L15