node/p2p: enforce minimum heartbeat message length (#1958)

Co-authored-by: tbjump
tbjump 2022-11-28 10:23:34 -06:00 committed by GitHub
parent a6d76f4382
commit 200fee61a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions


@ -443,6 +443,11 @@ func processSignedHeartbeat(from peer.ID, s *gossipv1.SignedHeartbeat, gs *node_
digest := heartbeatDigest(s.Heartbeat)
// SECURITY: see whitepapers/0009_guardian_key.md
if len(heartbeatMessagePrefix)+len(s.Heartbeat) < 34 {
return nil, fmt.Errorf("invalid message: too short")
}
pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)
if err != nil {
return nil, errors.New("failed to recover public key")
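Review bot: The bound `34` in the new length check is a bare literal whose rationale lives only in the referenced whitepaper, so the invariant cannot be reviewed from the code itself. A named constant with a one-line comment would fix that, e.g. `const minSignedMessageLen = 34 // prefix+payload must be longer than a bare 32-byte digest; confirm against whitepaper 0009`. The guard also sits after `heartbeatDigest(s.Heartbeat)`, so an undersized message from a peer is still hashed before it is rejected; moving the check above the `digest :=` line would reject it first. Because the message has no format verbs, `errors.New("invalid message: too short")` would match the error style used on the Ecrecover path. The body of processSignedHeartbeat starts and ends outside this hunk, so any earlier validation of `s.Heartbeat` is not visible here.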