Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't allow invalid chars in Symbol objects. #765

Merged
merged 2 commits into from
Apr 18, 2023
Merged

Don't allow invalid chars in Symbol objects. #765

merged 2 commits into from
Apr 18, 2023

Conversation

brson
Copy link
Contributor

@brson brson commented Apr 14, 2023

What

Validate that large Symbol values do not contain chars that are not allowed in Symbol types.

Why

The conversion from str to Symbol falls back to the object path if a SymbolSmall cannot be created. The Host::symbol_new_from_slice function though does not do the required validation:

impl<E: Env> TryFromVal<E, &str> for Symbol {
    type Error = ConversionError;

    fn try_from_val(env: &E, v: &&str) -> Result<Self, Self::Error> {
        if let Ok(ss) = SymbolSmall::try_from_str(v) {
            Ok(Self(ss.0))
        } else if let Ok(so) = env.symbol_new_from_slice(v) {
            Ok(Self(so.0))
        } else {
            Err(ConversionError)
        }
    }
}

Symbol::new_from_slice creates an ScSymbol and puts it into the environment, but ScSymbol is (currently) allowed to contain invalid chars:

    fn symbol_new_from_slice(&self, s: &str) -> Result<SymbolObject, HostError> {
        self.add_host_object(ScSymbol(s.as_bytes().to_vec().try_into()?))
    }

This patch changes symbol_new_from_slice to prevent invalid ScSymbols from being injected into the environment.

This patch adds several test cases. Only the invalid_chars case was failing. The others I added because it wasn't obvious to me whether the cases were being checked or not; especially it was not obvious to me from the docs whether zero-length symbols are allowed (they are). The docs for Symbol should be updated to indicate zero-length symbols are ok, but that patch needs to live in the sdk.

Known limitations

na

@brson brson requested review from graydon, sisuresh and a team as code owners April 14, 2023 21:26
@brson brson mentioned this pull request Apr 14, 2023
Closed
dmkozh
dmkozh approved these changes Apr 14, 2023
View reviewed changes
Copy link
Contributor

@dmkozh dmkozh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this!

leighmcculloch
leighmcculloch approved these changes Apr 14, 2023
View reviewed changes
Copy link
Member

@leighmcculloch leighmcculloch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@graydon graydon enabled auto-merge (squash) April 18, 2023 15:54
@graydon graydon merged commit 1e3aba3 into stellar:main Apr 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmkozh dmkozh dmkozh approved these changes

@leighmcculloch leighmcculloch leighmcculloch approved these changes

@graydon graydon graydon approved these changes

@sisuresh sisuresh Awaiting requested review from sisuresh sisuresh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@brson @graydon @leighmcculloch @dmkozh