Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: use safer slice splitting #6437

Merged
merged 1 commit into from
Jul 31, 2024
Merged

chore: use safer slice splitting #6437

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 4 additions & 8 deletions base_layer/common_types/src/encryption.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ use std::mem::size_of;

use chacha20poly1305::{
aead::{Aead, Payload},
Tag,
XChaCha20Poly1305,
XNonce,
};
Expand Down Expand Up @@ -56,13 +55,10 @@ pub fn decrypt_bytes_integral_nonce(
domain: Vec<u8>,
ciphertext: &[u8],
) -> Result<Vec<u8>, String> {
// We need at least a nonce and tag, or there's no point in attempting decryption
if ciphertext.len() < size_of::<XNonce>() + size_of::<Tag>() {
return Err("Ciphertext is too short".to_string());
}

// Extract the nonce
let (nonce, ciphertext) = ciphertext.split_at(size_of::<XNonce>());
let (nonce, ciphertext) = ciphertext
.split_at_checked(size_of::<XNonce>())
.ok_or("Ciphertext is too short".to_string())?;
let nonce_ga = XNonce::from_slice(nonce);

let payload = Payload {
Expand Down Expand Up @@ -109,7 +105,7 @@ pub fn encrypt_bytes_integral_nonce(

#[cfg(test)]
mod test {
use chacha20poly1305::{Key, KeyInit};
use chacha20poly1305::{Key, KeyInit, Tag};

use super::*;

Expand Down
9 changes: 7 additions & 2 deletions comms/core/src/peer_validator/helpers.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,8 +171,13 @@ fn validate_onion3_address(addr: &multiaddr::Onion3Addr<'_>) -> Result<(), PeerV
const ONION3_PUBKEY_SIZE: usize = 32;
const ONION3_CHECKSUM_SIZE: usize = 2;

let (pub_key, checksum_version) = addr.hash().split_at(ONION3_PUBKEY_SIZE);
let (checksum, version) = checksum_version.split_at(ONION3_CHECKSUM_SIZE);
let (pub_key, checksum_version) = addr
.hash()
.split_at_checked(ONION3_PUBKEY_SIZE)
.ok_or(PeerValidatorError::InvalidMultiaddr("Unable to split data".to_string()))?;
let (checksum, version) = checksum_version
.split_at_checked(ONION3_CHECKSUM_SIZE)
.ok_or(PeerValidatorError::InvalidMultiaddr("Unable to split data".to_string()))?;

if version != b"\x03" {
return Err(PeerValidatorError::InvalidMultiaddr(
Expand Down
2 changes: 1 addition & 1 deletion docs/src/reviewing_guide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,4 +122,4 @@ Here is a good example of nice semantic rust code, but the code has the potentia

#### Behind-the-scenes panics

Not all methods in the standard and other libraries that return values are guaranteed not to panic, for example, `pub const fn split_at(&self, mid: usize) -> (&[T], &[T])` will panic if `mid` > `self.len()`. Create custom wrappers that will return an error before the underlying function will panic, for example, `pub fn split_at_checked<T>(vec: &[T], n: usize) -> Result<(&[T], &[T]), Error>`.
Not all methods in the standard and other libraries that return values are guaranteed not to panic. Create custom wrappers that will return an error before the underlying function will panic.
Loading