stellar / go-xdr

Implements the XDR standard as specified in RFC 4506 in pure Google Go (Golang)
ISC License
9 stars 12 forks source link

Add validation for XDR fields with limits #1

Open ire-and-curses opened 5 years ago

ire-and-curses commented 5 years ago

Fields like xdr.SetOptionsOp.HomeDomain have restrictions on size, but at run-time nothing prevents them from being set too large, which causes transaction_malformed errors.

It looks like the XDR library has defined sizes which can be checked (e.g. this one for homeDomain strings). They just need to be checked.

@bartekn Does that sound right to you?

tomerweller commented 5 years ago

This looks like it belongs in https://github.com/stellar/go-xdr?

bartekn commented 5 years ago

You both are right. It looks like xdrmaxsize tag is only checked while decoding. And it belongs to go-xdr.

bartekn commented 5 years ago

@tomquisel can you transfer this issue using "Transfer issue" feature? It's only available for admins. Has to be moved to stellar/go-xdr.

tomquisel commented 5 years ago

@bartekn done! Issues were disabled for go-xdr, so I couldn't transfer this issue either at first. Issues are now enabled so it worked 😄