Limited Deserialize isn't limiting anything (#10952)
* Add failing test * Use deserialize_from to enable limit
This commit is contained in:
parent
9b380f8b2c
commit
1a6bbd2867
|
@ -1690,7 +1690,7 @@ fn deserialize_bs58_transaction(bs58_transaction: String) -> Result<(Vec<u8>, Tr
|
|||
}
|
||||
bincode::config()
|
||||
.limit(PACKET_DATA_SIZE as u64)
|
||||
.deserialize(&wire_transaction)
|
||||
.deserialize_from(&wire_transaction[..])
|
||||
.map_err(|err| {
|
||||
info!("transaction deserialize error: {:?}", err);
|
||||
Error::invalid_params(&err.to_string())
|
||||
|
|
|
@ -102,7 +102,7 @@ where
|
|||
{
|
||||
bincode::config()
|
||||
.limit(PACKET_DATA_SIZE as u64)
|
||||
.deserialize(data)
|
||||
.deserialize_from(data)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
|
|
|
@ -9,6 +9,27 @@ where
|
|||
let limit = crate::packet::PACKET_DATA_SIZE as u64;
|
||||
bincode::config()
|
||||
.limit(limit)
|
||||
.deserialize(instruction_data)
|
||||
.deserialize_from(instruction_data)
|
||||
.map_err(|_| InstructionError::InvalidInstructionData)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
pub mod tests {
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn test_limited_deserialize() {
|
||||
#[derive(Deserialize, Serialize)]
|
||||
enum Foo {
|
||||
Bar(Vec<u8>),
|
||||
}
|
||||
|
||||
let item = Foo::Bar([1; crate::packet::PACKET_DATA_SIZE - 12].to_vec()); // crate::packet::PACKET_DATA_SIZE - 12: size limit, minus enum variant and vec len() serialized sizes
|
||||
let serialized = bincode::serialize(&item).unwrap();
|
||||
assert!(limited_deserialize::<Foo>(&serialized).is_ok());
|
||||
|
||||
let item = Foo::Bar([1; crate::packet::PACKET_DATA_SIZE - 11].to_vec()); // Extra byte should bump serialized size over the size limit
|
||||
let serialized = bincode::serialize(&item).unwrap();
|
||||
assert!(limited_deserialize::<Foo>(&serialized).is_err());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue