channeldb/addr: sanity check onion address length before writing to db

2019-01-17 14:11:56 +01:00 · 2019-01-17 14:11:56 +01:00 · 6a3e1423d2
commit 6a3e1423d2
parent e2e00f9dd2
1 changed files with 19 additions and 1 deletions
--- a/channeldb/addr.go
+++ b/channeldb/addr.go
@ -69,7 +69,8 @@ func encodeTCPAddr(w io.Writer, addr *net.TCPAddr) error {
 // representation.
 func encodeOnionAddr(w io.Writer, addr *tor.OnionAddr) error {
 	var suffixIndex int
-	switch len(addr.OnionService) {
+	hostLen := len(addr.OnionService)
+	switch hostLen {
 	case tor.V2Len:
 		if _, err := w.Write([]byte{byte(v2OnionAddr)}); err != nil {
 			return err
@ -84,12 +85,29 @@ func encodeOnionAddr(w io.Writer, addr *tor.OnionAddr) error {
 		return errors.New("unknown onion service length")
 	}

+	suffix := addr.OnionService[suffixIndex:]
+	if suffix != tor.OnionSuffix {
+		return fmt.Errorf("invalid suffix \"%v\"", suffix)
+	}
+
 	host, err := tor.Base32Encoding.DecodeString(
 		addr.OnionService[:suffixIndex],
 	)
 	if err != nil {
 		return err
 	}
+
+	// Sanity check the decoded length.
+	switch {
+	case hostLen == tor.V2Len && len(host) != tor.V2DecodedLen:
+		return fmt.Errorf("onion service %v decoded to invalid host %x",
+			addr.OnionService, host)
+
+	case hostLen == tor.V3Len && len(host) != tor.V3DecodedLen:
+		return fmt.Errorf("onion service %v decoded to invalid host %x",
+			addr.OnionService, host)
+	}
+
 	if _, err := w.Write(host); err != nil {
 		return err
 	}