grassrootseconomics/openethereum
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add check for deserialising hex values over U256 limit (#11309)

Browse Source 
* Add check for hex values over U256 limit

* Update test in account.rs

Update spec.json field to match test name.

* Update json/src/uint.rs

Co-Authored-By: David <dvdplm@gmail.com>

* Add test for expected deserialisation error

* Update json/src/uint.rs

Co-Authored-By: Niklas Adolfsson <niklasadolfsson1@gmail.com>

* Update json/src/uint.rs

Co-Authored-By: Niklas Adolfsson <niklasadolfsson1@gmail.com>

* Remove superfluous serialisation test

The test `uint_deserialization_error_for_hex_too_large` sufficiently
covers the need for this test.
This commit is contained in:
Lewis Belcher 2019-12-06 14:07:44 +01:00 committed by David
parent 36c917eb7a
commit a6350c65aa
1 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
json/src/uint.rs
View File

@ -76,9 +76,14 @@ impl<'a> Visitor<'a> for UintVisitor {
let value = match value.len() { let value = match value.len() {
0 => U256::from(0), 0 => U256::from(0),
2 if value.starts_with("0x") => U256::from(0), 2 if value.starts_with("0x") => U256::from(0),
_ if value.starts_with("0x") => U256::from_str(&value[2..]).map_err(|e| { _ if value.starts_with("0x") => {
if value.len() > 66 {
return Err(Error::custom(format!("Invalid hex value {}: value too big", value).as_str()));
}
U256::from_str(&value[2..]).map_err(|e| {
Error::custom(format!("Invalid hex value {}: {}", value, e).as_str()) Error::custom(format!("Invalid hex value {}: {}", value, e).as_str())
})?, })?
},
_ => U256::from_dec_str(value).map_err(|e| { _ => U256::from_dec_str(value).map_err(|e| {
Error::custom(format!("Invalid decimal value {}: {:?}", value, e).as_str()) Error::custom(format!("Invalid decimal value {}: {:?}", value, e).as_str())
})? })?
@ -120,6 +125,7 @@ pub fn validate_optional_non_zero<'de, D>(d: D) -> Result<Option<Uint>, D::Error
mod test { mod test {
use super::Uint; use super::Uint;
use ethereum_types::U256; use ethereum_types::U256;
use serde_json::error::Category;
#[test] #[test]
fn uint_deserialization() { fn uint_deserialization() {
@ -134,6 +140,18 @@ mod test {
]); ]);
} }
#[test]
fn uint_deserialization_error_for_hex_too_large() {
let hex = format!("0x{}", "1".repeat(65));
let result: Result<Uint, _> = serde_json::from_str(&format!(r#""{}""#, hex));
let err = result.unwrap_err();
assert!(err.is_data());
assert_eq!(
err.to_string(),
format!("Invalid hex value {}: value too big at line 1 column 69", hex)
);
}
#[test] #[test]
fn uint_into() { fn uint_into() {
assert_eq!(U256::from(10), Uint(U256::from(10)).into()); assert_eq!(U256::from(10), Uint(U256::from(10)).into());