From ba4d10f2032563195779895d3851ed88cd112f42 Mon Sep 17 00:00:00 2001
From: capossele <angelocapossele@gmail.com>
Date: Thu, 20 Feb 2020 12:57:08 +0000
Subject: [PATCH] :bug: checks meta_tx size

---
 packages/model/meta_transaction/meta_transaction.go      | 5 ++++-
 packages/model/meta_transaction/meta_transaction_test.go | 4 +++-
 plugins/tangle/solidifier.go                             | 8 ++++++--
 plugins/tangle/solidifier_test.go                        | 6 +++++-
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/packages/model/meta_transaction/meta_transaction.go b/packages/model/meta_transaction/meta_transaction.go
index 45550786..59c546ea 100644
--- a/packages/model/meta_transaction/meta_transaction.go
+++ b/packages/model/meta_transaction/meta_transaction.go
@@ -56,8 +56,11 @@ func FromTrits(trits trinary.Trits) *MetaTransaction {
 	}
 }
 
-func FromBytes(bytes []byte) (result *MetaTransaction) {
+func FromBytes(bytes []byte) (result *MetaTransaction, err error) {
 	trits := trinary.MustBytesToTrits(bytes)
+	if len(trits) < MARSHALED_TOTAL_SIZE {
+		return nil, fmt.Errorf("invalid size %v", len(trits))
+	}
 	result = FromTrits(trits[:MARSHALED_TOTAL_SIZE])
 	result.bytes = bytes
 
diff --git a/packages/model/meta_transaction/meta_transaction_test.go b/packages/model/meta_transaction/meta_transaction_test.go
index fa6ec565..7a349f2d 100644
--- a/packages/model/meta_transaction/meta_transaction_test.go
+++ b/packages/model/meta_transaction/meta_transaction_test.go
@@ -47,7 +47,9 @@ func TestMetaTransaction_SettersGetters(t *testing.T) {
 	assert.Equal(t, tx.IsHead(), head)
 	assert.Equal(t, tx.IsTail(), tail)
 	assert.Equal(t, tx.GetTransactionType(), transactionType)
-	assert.Equal(t, tx.GetHash(), FromBytes(tx.GetBytes()).GetHash())
+	metaTx, err := FromBytes(tx.GetBytes())
+	require.NoError(t, err)
+	assert.Equal(t, tx.GetHash(), metaTx.GetHash())
 
 	assert.EqualValues(t, "KKDVHBENVLQUNO9WOWWEJPBBHUSYRSRKIMZWCFCDB9RYZKYWLAYWRIBRQETBFKE9TIVWQPCKFWAMCLCAV", tx.GetHash())
 }
diff --git a/plugins/tangle/solidifier.go b/plugins/tangle/solidifier.go
index 02d84440..0c274c49 100644
--- a/plugins/tangle/solidifier.go
+++ b/plugins/tangle/solidifier.go
@@ -42,8 +42,12 @@ func configureSolidifier() {
 	requestedTxs = NewUnsolidTxs()
 
 	gossip.Events.TransactionReceived.Attach(events.NewClosure(func(ev *gossip.TransactionReceivedEvent) {
-		metaTx := meta_transaction.FromBytes(ev.Data)
-		if err := metaTx.Validate(); err != nil {
+		metaTx, err := meta_transaction.FromBytes(ev.Data)
+		if err != nil {
+			log.Warnf("invalid transaction: %s", err)
+			return
+		}
+		if err = metaTx.Validate(); err != nil {
 			log.Warnf("invalid transaction: %s", err)
 			return
 		}
diff --git a/plugins/tangle/solidifier_test.go b/plugins/tangle/solidifier_test.go
index 28a63bc2..9cd09962 100644
--- a/plugins/tangle/solidifier_test.go
+++ b/plugins/tangle/solidifier_test.go
@@ -131,7 +131,11 @@ func TestTangle(t *testing.T) {
 
 // transactionReceived mocks the TransactionReceived event by allowing lower mwm
 func transactionReceived(ev *gossip.TransactionReceivedEvent) {
-	metaTx := meta_transaction.FromBytes(ev.Data)
+	metaTx, err := meta_transaction.FromBytes(ev.Data)
+	if err != nil {
+		log.Warnf("invalid transaction: %s", err)
+		return
+	}
 	if metaTx.GetWeightMagnitude() < testMWM {
 		log.Warnf("invalid weight magnitude: %d / %d", metaTx.GetWeightMagnitude(), testMWM)
 		return
-- 
GitLab