From 3e6ecff62ba7edb55e5fda715f1bca86a67805b6 Mon Sep 17 00:00:00 2001 From: "Tobin C. Harding" Date: Tue, 17 Oct 2023 14:23:32 +1100 Subject: [PATCH] Check encoded string is not too long Currently it is possible to encode a string that is more than 90 characters long, this is in violation of BIP-173. We recently added a function `crate::encoded_length` that does the length check, call it when encoding in all the encode and encode to fmt functions. --- src/lib.rs | 64 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 57 insertions(+), 7 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index ac086bb56..e9daf4189 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -142,7 +142,6 @@ pub mod segwit; use alloc::{string::String, vec::Vec}; use core::fmt; -#[cfg(feature = "alloc")] use crate::error::write_err; #[cfg(doc)] use crate::primitives::decode::CheckedHrpstring; @@ -220,7 +219,7 @@ pub fn decode(s: &str) -> Result<(Hrp, Vec), DecodeError> { /// `Ck` algorithm (`NoChecksum` to exclude checksum all together). #[cfg(feature = "alloc")] #[inline] -pub fn encode(hrp: Hrp, data: &[u8]) -> Result { +pub fn encode(hrp: Hrp, data: &[u8]) -> Result { encode_lower::(hrp, data) } @@ -230,7 +229,9 @@ pub fn encode(hrp: Hrp, data: &[u8]) -> Result /// `Ck` algorithm (`NoChecksum` to exclude checksum all together). #[cfg(feature = "alloc")] #[inline] -pub fn encode_lower(hrp: Hrp, data: &[u8]) -> Result { +pub fn encode_lower(hrp: Hrp, data: &[u8]) -> Result { + let _ = encoded_length::(&hrp, data)?; + let mut buf = String::new(); encode_lower_to_fmt::(&mut buf, hrp, data)?; Ok(buf) @@ -242,7 +243,9 @@ pub fn encode_lower(hrp: Hrp, data: &[u8]) -> Result(hrp: Hrp, data: &[u8]) -> Result { +pub fn encode_upper(hrp: Hrp, data: &[u8]) -> Result { + let _ = encoded_length::(&hrp, data)?; + let mut buf = String::new(); encode_upper_to_fmt::(&mut buf, hrp, data)?; Ok(buf) @@ -257,7 +260,7 @@ pub fn encode_to_fmt( fmt: &mut W, hrp: Hrp, data: &[u8], -) -> Result<(), fmt::Error> { +) -> Result<(), EncodeError> { encode_lower_to_fmt::(fmt, hrp, data) } @@ -270,7 +273,9 @@ pub fn encode_lower_to_fmt( fmt: &mut W, hrp: Hrp, data: &[u8], -) -> Result<(), fmt::Error> { +) -> Result<(), EncodeError> { + let _ = encoded_length::(&hrp, data)?; + let iter = data.iter().copied().bytes_to_fes(); let chars = iter.with_checksum::(&hrp).chars(); for c in chars { @@ -288,7 +293,9 @@ pub fn encode_upper_to_fmt( fmt: &mut W, hrp: Hrp, data: &[u8], -) -> Result<(), fmt::Error> { +) -> Result<(), EncodeError> { + let _ = encoded_length::(&hrp, data)?; + let iter = data.iter().copied().bytes_to_fes(); let chars = iter.with_checksum::(&hrp).chars(); for c in chars { @@ -456,6 +463,49 @@ impl From for DecodeFromReaderError { fn from(e: DecodeError) -> Self { Self::Decode(e) } } +/// An error while encoding an address. +#[derive(Debug, Clone, PartialEq, Eq)] +#[non_exhaustive] +pub enum EncodeError { + /// Encoding HRP and data into a bech32 string exceeds the spec limit of 90 characters. + TooLong(EncodedLengthError), + /// Error writing to the formatter. + Fmt(fmt::Error), +} + +impl fmt::Display for EncodeError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + use EncodeError::*; + + match *self { + TooLong(ref e) => write_err!(f, "encoded string too long"; e), + Fmt(ref e) => write_err!(f, "write to formatter failed"; e), + } + } +} + +#[cfg(feature = "std")] +impl std::error::Error for EncodeError { + fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { + use EncodeError::*; + + match *self { + TooLong(ref e) => Some(e), + Fmt(ref e) => Some(e), + } + } +} + +impl From for EncodeError { + #[inline] + fn from(e: EncodedLengthError) -> Self { Self::TooLong(e) } +} + +impl From for EncodeError { + #[inline] + fn from(e: fmt::Error) -> Self { Self::Fmt(e) } +} + /// Encoding bech32 string exceeds the spec limit of 90 characters. #[derive(Debug, Clone, PartialEq, Eq)] #[non_exhaustive]