-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RLP list decoding too lax for objects #255
Labels
Comments
Just ran into that issue when debugging wire protocol datagrams as processed by |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There seems to be no list size check done when decoding an object (possible also in general for lists?).
e.g. when decoding
ef8c000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000080
to aWhoAreYouObj
, that works as expected, as the rlp is valid.However, decoding
c08c000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000080
to aWhoAreYouObj
, also works, while clearly the list size (c0 -> size 0) is not correct.Only spotted this by adding a re-encode step and comparing with original payload in a fuzzing test.
Perhaps related with #254
The text was updated successfully, but these errors were encountered: