airdrop-proof: better sanity checks.

chjj · chjj · commit 592b27607765 · 2018-12-03T16:57:04.000-08:00
diff --git a/lib/primitives/airdropproof.js b/lib/primitives/airdropproof.js
@@ -39,6 +39,8 @@ const FAUCET_DEPTH = 8;
 
 const TREE_LEAVES = AIRDROP_LEAVES + FAUCET_LEAVES;
 
+const MAX_PROOF_SIZE = 3000; // 2811
+
 /**
  * AirdropProof
  */
@@ -103,8 +105,23 @@ class AirdropProof extends bio.Struct {
     return bw;
   }
 
+  decode(data) {
+    const br = bio.read(data);
+
+    if (data.length > MAX_PROOF_SIZE)
+      throw new Error('Proof too large.');
+
+    this.read(br);
+
+    if (br.left() !== 0)
+      throw new Error('Trailing data.');
+
+    return this;
+  }
+
   read(br) {
     this.index = br.readU32();
+    assert(this.index < AIRDROP_LEAVES);
 
     const count = br.readU8();
     assert(count <= AIRDROP_DEPTH);
@@ -115,6 +132,7 @@ class AirdropProof extends bio.Struct {
     }
 
     this.subindex = br.readU8();
+    assert(this.subindex < AIRDROP_SUBLEAVES);
 
     const total = br.readU8();
     assert(total <= AIRDROP_SUBDEPTH);
@@ -304,7 +322,12 @@ class AirdropProof extends bio.Struct {
     if (this.address.length < 2 || this.address.length > 40)
       return false;
 
-    if (this.fee > this.getValue())
+    const value = this.getValue();
+
+    if (value < 0 || value > consensus.MAX_MONEY)
+      return false;
+
+    if (this.fee < 0 || this.fee > value)
       return false;
 
     if (this.isAddress()) {
@@ -335,6 +358,9 @@ class AirdropProof extends bio.Struct {
     if (this.index >= AIRDROP_LEAVES)
       return false;
 
+    if (this.getSize() > MAX_PROOF_SIZE)
+      return false;
+
     return true;
   }
 
