From 1e4e91f25749966ec02b7c32bab163f8ce35eefe Mon Sep 17 00:00:00 2001 From: fiatjaf Date: Mon, 16 Sep 2024 17:35:23 -0300 Subject: [PATCH] nip19: fail to decode entities with wrong length. --- nip19/nip19.go | 27 +++++++++++++-------------- nip19/nip19_test.go | 6 ++++++ 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/nip19/nip19.go b/nip19/nip19.go index 6cc7027..ccaaa7c 100644 --- a/nip19/nip19.go +++ b/nip19/nip19.go @@ -18,13 +18,13 @@ func Decode(bech32string string) (prefix string, value any, err error) { data, err := bech32.ConvertBits(bits5, 5, 8, false) if err != nil { - return prefix, nil, fmt.Errorf("failed translating data into 8 bits: %s", err.Error()) + return prefix, nil, fmt.Errorf("failed to translate data into 8 bits: %s", err.Error()) } switch prefix { case "npub", "nsec", "note": - if len(data) < 32 { - return prefix, nil, fmt.Errorf("data is less than 32 bytes (%d)", len(data)) + if len(data) != 32 { + return prefix, nil, fmt.Errorf("data should be 32 bytes (%d)", len(data)) } return prefix, hex.EncodeToString(data[0:32]), nil @@ -44,8 +44,8 @@ func Decode(bech32string string) (prefix string, value any, err error) { switch t { case TLVDefault: - if len(v) < 32 { - return prefix, nil, fmt.Errorf("pubkey is less than 32 bytes (%d)", len(v)) + if len(v) != 32 { + return prefix, nil, fmt.Errorf("pubkey should be 32 bytes (%d)", len(v)) } result.PublicKey = hex.EncodeToString(v) case TLVRelay: @@ -72,23 +72,22 @@ func Decode(bech32string string) (prefix string, value any, err error) { switch t { case TLVDefault: - if len(v) < 32 { - return prefix, nil, fmt.Errorf("id is less than 32 bytes (%d)", len(v)) + if len(v) != 32 { + return prefix, nil, fmt.Errorf("id should be 32 bytes (%d)", len(v)) } result.ID = hex.EncodeToString(v) case TLVRelay: result.Relays = append(result.Relays, string(v)) case TLVAuthor: - if len(v) < 32 { - return prefix, nil, fmt.Errorf("author is less than 32 bytes (%d)", len(v)) + if len(v) != 32 { + return prefix, nil, fmt.Errorf("author should be 32 bytes (%d)", len(v)) } result.Author = hex.EncodeToString(v) case TLVKind: - if len(v) == 4 { - result.Kind = int(binary.BigEndian.Uint32(v)) - } else { + if len(v) != 4 { return prefix, nil, fmt.Errorf("invalid uint32 value for integer (%v)", v) } + result.Kind = int(binary.BigEndian.Uint32(v)) default: // ignore } @@ -115,8 +114,8 @@ func Decode(bech32string string) (prefix string, value any, err error) { case TLVRelay: result.Relays = append(result.Relays, string(v)) case TLVAuthor: - if len(v) < 32 { - return prefix, nil, fmt.Errorf("author is less than 32 bytes (%d)", len(v)) + if len(v) != 32 { + return prefix, nil, fmt.Errorf("author should be 32 bytes (%d)", len(v)) } result.PublicKey = hex.EncodeToString(v) case TLVKind: diff --git a/nip19/nip19_test.go b/nip19/nip19_test.go index 8fd1640..9ca31dc 100644 --- a/nip19/nip19_test.go +++ b/nip19/nip19_test.go @@ -5,6 +5,7 @@ import ( "github.com/nbd-wtf/go-nostr" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestEncodeNpub(t *testing.T) { @@ -139,3 +140,8 @@ func TestEncodeDecodeNEvent(t *testing.T) { assert.Equal(t, 1, len(ep.Relays), "wrong number of relays") assert.Equal(t, "wss://banana.com", ep.Relays[0]) } + +func TestFailDecodeBadlyFormattedPubkey(t *testing.T) { + _, _, err := Decode("nevent1qqsgaj0la08u0vl2ecmlmrg4xl0vjcz647yx7jgvgzfr566ael4hmjgpp4mhxue69uhhjctzw5hx6egzgqurswpc8qurswpexq6rjvm9xp3nvcfkv56xzv35v9jnxve389snqephve3n2wf4vdsnxepcv56kxct9xyunjdf5v5cnzveexqcrsepnk6yu5r") + require.Error(t, err, "should fail to decode this because the author is hex as bytes garbage") +}