external/ton
1
0
Fork 0
mirror of https://github.com/ton-blockchain/ton synced 2025-03-09 15:40:10 +00:00
Code Issues Releases Wiki Activity

Tonlib improvement fixes (#934)

Browse source 
* 3.6. Fix directory traversal in KeyValueDir

* 3.9. Fix buffer_to_hex reversing nibbles

* 3.5. Fix error handling at blocks.getBlockHeader

* 3.11. Fix query.forget

* 3.12. Fix error handling in RemoteRunSmcMethod

* 4.1. Delete unused files

* 3.10. Use named constants instead hardcoded constants

* 3.4. Fix response block header verification

* 3.1. Check proof of blocks.getShards response

* fix td::buffer_to_hex + test

* 3.2. Add proof check for listBlockTransactions response in RunEmulator actor

* 3.8. Add proof checking for getLibraries method

* fix regression tests

* 3.3 Add proof checking for lookupBlock method

* Add publishers to proof of getLibrariesWithProof response  (#25)

* fix missing return, fix requesting mc block

* Fix requesting lookupBlock with client mc blk == mc ref block

* Fix duplicating lib data in proof and data, add mode 2 for not including the data

* Migration of LastBlockStorage with fixed td::buffer_to_hex

---------

Co-authored-by: ms <dungeon666master@protonmail.com>
Co-authored-by: Marat <98183742+dungeon-master-666@users.noreply.github.com>
This commit is contained in:
EmelyanenkoK 2024-03-19 15:31:29 +03:00 committed by GitHub
parent 69de1cb621
commit f1592641de
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
25 changed files with 1000 additions and 854 deletions
Download patch file Download diff file Expand all files Collapse all files

38
tonlib/tonlib/KeyValue.cpp
View file

@ -42,7 +42,11 @@ class KeyValueDir : public KeyValue {
}
td::Status add(td::Slice key, td::Slice value) override {
auto path = to_file_path(key.str());
auto key_str = key.str();
if (!is_valid_key(key_str)) {
return td::Status::Error("Invalid key");
}
auto path = to_file_path(key_str);
if (td::stat(path).is_ok()) {
return td::Status::Error(PSLICE() << "File " << path << "already exists");
}
@ -50,15 +54,27 @@ class KeyValueDir : public KeyValue {
}
td::Status set(td::Slice key, td::Slice value) override {
return td::atomic_write_file(to_file_path(key.str()), value);
auto key_str = key.str();
if (!is_valid_key(key_str)) {
return td::Status::Error("Invalid key");
}
return td::atomic_write_file(to_file_path(key_str), value);
}
td::Result<td::SecureString> get(td::Slice key) override {
return td::read_file_secure(to_file_path(key.str()));
auto key_str = key.str();
if (!is_valid_key(key_str)) {
return td::Status::Error("Invalid key");
}
return td::read_file_secure(to_file_path(key_str));
}
td::Status erase(td::Slice key) override {
return td::unlink(to_file_path(key.str()));
auto key_str = key.str();
if (!is_valid_key(key_str)) {
return td::Status::Error("Invalid key");
}
return td::unlink(to_file_path(key_str));
}
void foreach_key(std::function<void(td::Slice)> f) override {
@ -83,6 +99,20 @@ class KeyValueDir : public KeyValue {
std::string to_file_path(std::string key) {
return directory_ + TD_DIR_SLASH + key;
}
bool is_valid_key(const std::string& key) {
if (key.empty()) {
return false;
}
if (key.find(TD_DIR_SLASH) != std::string::npos || key.find("..") != std::string::npos) {
return false;
}
return std::all_of(key.begin(), key.end(), [](char c) {
return std::isalnum(c) || c == '_' || c == '-' || c == '.';
});
}
};
class KeyValueInmemory : public KeyValue {