more validation checks

MarcoPolo · MarcoPolo · commit d55c28425e81 · 2025-02-06T11:36:00.000-08:00
diff --git a/component.go b/component.go
@@ -1,6 +1,7 @@
 package multiaddr
 
 import (
+	"bytes"
 	"encoding/binary"
 	"encoding/json"
 	"fmt"
@@ -217,6 +218,43 @@ func newComponent(protocol Protocol, bvalue []byte) (Component, error) {
 // It ensures that we will be able to call all methods on Component without
 // error.
 func validateComponent(c Component) (Component, error) {
+	if c.valueStartIdx > len(c.bytes) {
+		return Component{}, fmt.Errorf("component valueStartIdx is greater than the length of the component's bytes")
+	}
+
+	if len(c.protocol.VCode) == 0 {
+		return Component{}, fmt.Errorf("Component is missing its protocol's VCode field")
+	}
+	if len(c.bytes) < len(c.protocol.VCode) {
+		return Component{}, fmt.Errorf("component size mismatch: %d != %d", len(c.bytes), len(c.protocol.VCode))
+	}
+	if !bytes.Equal([]byte(c.bytes[:len(c.protocol.VCode)]), c.protocol.VCode) {
+		return Component{}, fmt.Errorf("component's VCode field is invalid: %v != %v", []byte(c.bytes[:len(c.protocol.VCode)]), c.protocol.VCode)
+	}
+	if c.protocol.Size < 0 {
+		size, n, err := ReadVarintCode([]byte(c.bytes[len(c.protocol.VCode):]))
+		if err != nil {
+			return Component{}, err
+		}
+		if size != len(c.bytes[c.valueStartIdx:]) {
+			return Component{}, fmt.Errorf("component value size mismatch: %d != %d", size, len(c.bytes[c.valueStartIdx:]))
+		}
+
+		if len(c.protocol.VCode)+n+size != len(c.bytes) {
+			return Component{}, fmt.Errorf("component size mismatch: %d != %d", len(c.protocol.VCode)+n+size, len(c.bytes))
+		}
+	} else {
+		// Fixed size value
+		size := c.protocol.Size / 8
+		if size != len(c.bytes[c.valueStartIdx:]) {
+			return Component{}, fmt.Errorf("component value size mismatch: %d != %d", size, len(c.bytes[c.valueStartIdx:]))
+		}
+
+		if len(c.protocol.VCode)+size != len(c.bytes) {
+			return Component{}, fmt.Errorf("component size mismatch: %d != %d", len(c.protocol.VCode)+size, len(c.bytes))
+		}
+	}
+
 	_, err := c.valueAndErr()
 	if err != nil {
 		return Component{}, err
diff --git a/protocol.go b/protocol.go
@@ -65,6 +65,9 @@ func AddProtocol(p Protocol) error {
 	if p.Path && p.Size >= 0 {
 		return fmt.Errorf("path protocols must have variable-length sizes")
 	}
+	if len(p.VCode) == 0 {
+		return fmt.Errorf("protocol code %d is missing its VCode field", p.Code)
+	}
 
 	Protocols = append(Protocols, p)
 	protocolsByName[p.Name] = p

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,9 @@ func AddProtocol(p Protocol) error {`
`65`	`65`	`if p.Path && p.Size >= 0 {`
`66`	`66`	`return fmt.Errorf("path protocols must have variable-length sizes")`
`67`	`67`	`}`
	`68`	`+ if len(p.VCode) == 0 {`
	`69`	`+ return fmt.Errorf("protocol code %d is missing its VCode field", p.Code)`
	`70`	`+ }`
`68`	`71`
`69`	`72`	`Protocols = append(Protocols, p)`
`70`	`73`	`protocolsByName[p.Name] = p`