From 8ba53229971f11be13c853a1a9557bea020795bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C4=99drzej=20Stuczy=C5=84ski?= Date: Wed, 26 Feb 2025 09:48:21 +0000 Subject: [PATCH] bugfix: bound check when recovering a reply SURB (#5502) --- common/nymsphinx/anonymous-replies/src/reply_surb.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/common/nymsphinx/anonymous-replies/src/reply_surb.rs b/common/nymsphinx/anonymous-replies/src/reply_surb.rs index 3ac7af8571..90bd892d78 100644 --- a/common/nymsphinx/anonymous-replies/src/reply_surb.rs +++ b/common/nymsphinx/anonymous-replies/src/reply_surb.rs @@ -19,6 +19,9 @@ use thiserror::Error; #[derive(Debug, Error)] pub enum ReplySurbError { + #[error("did not receive enough data to recover a reply SURB")] + TooShort, + #[error("tried to use reply SURB with an unpadded message")] UnpaddedMessageError, @@ -131,7 +134,9 @@ impl ReplySurb { } pub fn from_bytes(bytes: &[u8]) -> Result { - // TODO: introduce bound checks to guard us against out of bound reads + if bytes.len() <= SurbEncryptionKeySize::USIZE { + return Err(ReplySurbError::TooShort); + } let encryption_key = SurbEncryptionKey::try_from_bytes(&bytes[..SurbEncryptionKeySize::USIZE])?;