node/p2p: enforce ObservationRequest signature payload >= 34 bytes (#1992)
Co-authored-by: tbjump <>
This commit is contained in:
parent
200fee61a8
commit
17e732c741
|
@ -484,6 +484,11 @@ func processSignedObservationRequest(s *gossipv1.SignedObservationRequest, gs *n
|
||||||
pk = gs.Keys[idx]
|
pk = gs.Keys[idx]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SECURITY: see whitepapers/0009_guardian_key.md
|
||||||
|
if len(signedObservationRequestPrefix)+len(s.ObservationRequest) < 34 {
|
||||||
|
return nil, fmt.Errorf("invalid observation request: too short")
|
||||||
|
}
|
||||||
|
|
||||||
digest := signedObservationRequestDigest(s.ObservationRequest)
|
digest := signedObservationRequestDigest(s.ObservationRequest)
|
||||||
|
|
||||||
pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)
|
pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)
|
||||||
|
|
Loading…
Reference in New Issue