From b9f813fb4b7de1042370b529b9ccc036b208465b Mon Sep 17 00:00:00 2001
From: murilo ijanc
Date: Wed, 25 Mar 2026 14:22:21 -0300
Subject: Fix critical data integrity and security issues
- Atomic writes in store (write-to-temp + rename) to prevent corruption on crash
- Validate DHT results against requested content hash to reject forged data from malicious nodes
- Limit protocol line size to 128 KiB on Unix socket to prevent memory exhaustion
- Use saturating_add for TTL expiry to prevent u64 overflow
---
 src/ops.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'src/ops.rs')
diff --git a/src/ops.rs b/src/ops.rs
index 302bd58..45fb919 100644
--- a/src/ops.rs
+++ b/src/ops.rs
@@ -118,7 +118,17 @@ pub fn get_paste(
 if vals.is_empty() {
 return Err(PasteError::NotFound);
 }
- vals[0].clone()
+ // Verify DHT result: the content hash must match the
+ // requested key to prevent a malicious node from
+ // injecting arbitrary data.
+ match vals.iter().find(|v| {
+ Paste::from_bytes(v)
+ .map(|p| Paste::content_key(&p.content) == *hash)
+ .unwrap_or(false)
+ }) {
+ Some(v) => v.clone(),
+ None => return Err(PasteError::NotFound),
+ }
 };
 let paste = Paste::from_bytes(&data).ok_or(PasteError::InvalidKey)?;
-- 
cgit v1.2.3
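Review bot: The verified candidate is parsed twice: the `find` closure calls `Paste::from_bytes(v)` and throws the parsed value away, and the context line after the match re-parses the same bytes with `Paste::from_bytes(&data).ok_or(PasteError::InvalidKey)?`, so on the DHT path `InvalidKey` can no longer occur and that mapping is misleading. Using `find_map` with `Paste::from_bytes(v).filter(|p| Paste::content_key(&p.content) == *hash)` would keep the parsed `Paste`, provided the other arm of the enclosing `let data` block (which begins outside the hunk, as does `get_paste`) can yield a `Paste` as well. The check binds only `p.content` to the requested key, so if `Paste` carries any fields other than `content` they remain unauthenticated by this step and callers should treat them as untrusted; a comment above the `match` stating that scope, e.g. `// Only `content` is bound to the key; other fields are not verified here.`, would make that explicit. When `vals` is non-empty but nothing verifies, the failure collapses into a plain `NotFound`; if the crate has a logging facade, a warn-level line at that `None` arm is the only signal a defender gets that forged records were served by a peer.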