node/p2p: enforce minimum heartbeat message length (#1958)
Co-authored-by: tbjump
This commit is contained in:
parent
a6d76f4382
commit
200fee61a8
|
@ -443,6 +443,11 @@ func processSignedHeartbeat(from peer.ID, s *gossipv1.SignedHeartbeat, gs *node_
|
||||||
|
|
||||||
digest := heartbeatDigest(s.Heartbeat)
|
digest := heartbeatDigest(s.Heartbeat)
|
||||||
|
|
||||||
|
// SECURITY: see whitepapers/0009_guardian_key.md
|
||||||
|
if len(heartbeatMessagePrefix)+len(s.Heartbeat) < 34 {
|
||||||
|
return nil, fmt.Errorf("invalid message: too short")
|
||||||
|
}
|
||||||
|
|
||||||
pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)
|
pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.New("failed to recover public key")
|
return nil, errors.New("failed to recover public key")
|
||||||
|
|
Loading…
Reference in New Issue