| author | murilo ijanc | 2026-03-25 14:22:21 -0300 |
|---|---|---|
| committer | murilo ijanc | 2026-03-25 14:22:21 -0300 |
| commit | b9f813fb4b7de1042370b529b9ccc036b208465b (patch) | |
| tree | 488568d9216bf8ea62625eedc7dc718e8afbd690 /src/ops.rs | |
| parent | 57176d45cacb98f1968daa8f8b2efd2735da2731 (diff) | |
| download | tesseras-paste-b9f813fb4b7de1042370b529b9ccc036b208465b.tar.gz | |
Fix critical data integrity and security issues
- Atomic writes in store (write-to-temp + rename) to prevent
corruption on crash
- Validate DHT results against requested content hash to reject
forged data from malicious nodes
- Limit protocol line size to 128 KiB on Unix socket to prevent
memory exhaustion
- Use saturating_add for TTL expiry to prevent u64 overflow
Diffstat (limited to 'src/ops.rs')
| -rw-r--r-- | src/ops.rs | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -118,7 +118,17 @@ pub fn get_paste(
 if vals.is_empty() {
 return Err(PasteError::NotFound);
 }
- vals[0].clone()
+ // Verify DHT result: the content hash must match the
+ // requested key to prevent a malicious node from
+ // injecting arbitrary data.
+ match vals.iter().find(|v| {
+ Paste::from_bytes(v)
+ .map(|p| Paste::content_key(&p.content) == *hash)
+ .unwrap_or(false)
+ }) {
+ Some(v) => v.clone(),
+ None => return Err(PasteError::NotFound),
+ }
 };
 let paste = Paste::from_bytes(&data).ok_or(PasteError::InvalidKey)?; |
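Review bot: The chosen value is parsed twice — once inside the `find` closure and again on the following `Paste::from_bytes(&data).ok_or(PasteError::InvalidKey)?` line, where the `InvalidKey` branch can no longer be reached, since only a value that already parsed and matched can be selected. Replacing the `match` with `vals.iter().find_map(|v| Paste::from_bytes(v).filter(|p| Paste::content_key(&p.content) == *hash)).ok_or(PasteError::NotFound)?` would yield the verified `Paste` directly and remove both the second parse and the dead error path; if the `match` is kept, `.map(..).unwrap_or(false)` reads better as `.is_some_and(|p| Paste::content_key(&p.content) == *hash)`. Note also that the check binds only `p.content` to the requested key, so if `Paste` carries other fields (metadata, expiry), they remain unauthenticated by this check and should not be trusted from DHT results without their own integrity check — worth recording in the comment, e.g. `// Only `content` is bound to the key; other Paste fields are still untrusted.`. The `let data = … { … }` binding and `get_paste` itself begin before and continue past this hunk.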