From a6f3cdcb26a548c1692e0d143287e1390291cba9 Mon Sep 17 00:00:00 2001 From: Adin Schmahmann Date: Tue, 1 Dec 2020 11:02:48 -0500 Subject: [PATCH] p2p-proxy: earlier peerID validation check --- core/corehttp/p2p_proxy.go | 5 +++++ test/sharness/t0184-http-proxy-over-p2p.sh | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/core/corehttp/p2p_proxy.go b/core/corehttp/p2p_proxy.go index c4b34b59241..1dee5055a50 100644 --- a/core/corehttp/p2p_proxy.go +++ b/core/corehttp/p2p_proxy.go @@ -9,6 +9,7 @@ import ( "strings" core "github.com/ipfs/go-ipfs/core" + peer "github.com/libp2p/go-libp2p-core/peer" protocol "github.com/libp2p/go-libp2p-core/protocol" p2phttp "github.com/libp2p/go-libp2p-http" @@ -60,6 +61,10 @@ func parseRequest(request *http.Request) (*proxyRequest, error) { return nil, fmt.Errorf("Invalid request path '%s'", path) } + if _, err := peer.Decode(split[2]); err != nil { + return nil, fmt.Errorf("Invalid request path '%s'", path) + } + if split[3] == "http" { return &proxyRequest{split[2], protocol.ID("/http"), split[4]}, nil } diff --git a/test/sharness/t0184-http-proxy-over-p2p.sh b/test/sharness/t0184-http-proxy-over-p2p.sh index c1dfcb1d422..ef5799bb6b7 100755 --- a/test/sharness/t0184-http-proxy-over-p2p.sh +++ b/test/sharness/t0184-http-proxy-over-p2p.sh @@ -194,7 +194,12 @@ test_expect_success 'handle proxy http request invalid request' ' ' test_expect_success 'handle proxy http request unknown proxy peer ' ' - curl_check_response_code 502 p2p/unknown_peer/http/index.txt + UNKNOWN_PEER="k51qzi5uqu5dlmbel1sd8rs4emr3bfosk9bm4eb42514r4lakt4oxw3a3fa2tm" && + curl_check_response_code 502 p2p/$UNKNOWN_PEER/http/index.txt +' + +test_expect_success 'handle proxy http request to invalid proxy peer ' ' + curl_check_response_code 502 p2p/invalid_peer/http/index.txt ' test_expect_success 'handle proxy http request to custom protocol' '