diff options
Diffstat (limited to 'src/ops.rs')
| -rw-r--r-- | src/ops.rs | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -118,7 +118,17 @@ pub fn get_paste( if vals.is_empty() { return Err(PasteError::NotFound); } - vals[0].clone() + // Verify DHT result: the content hash must match the + // requested key to prevent a malicious node from + // injecting arbitrary data. + match vals.iter().find(|v| { + Paste::from_bytes(v) + .map(|p| Paste::content_key(&p.content) == *hash) + .unwrap_or(false) + }) { + Some(v) => v.clone(), + None => return Err(PasteError::NotFound), + } }; let paste = Paste::from_bytes(&data).ok_or(PasteError::InvalidKey)?; |