From ac06aed53e06b263c31b30a84b6a9c9edf00b5af Mon Sep 17 00:00:00 2001 From: Jason Date: Fri, 27 Sep 2024 16:40:15 +0200 Subject: [PATCH] fix: validate node ids to avoid crash --- example/ios/Podfile.lock | 4 ++-- lib/android/src/main/java/com/reactnativeldk/LdkModule.kt | 5 +++++ lib/ios/Ldk.swift | 5 +++++ lib/package.json | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/example/ios/Podfile.lock b/example/ios/Podfile.lock index 5850b302..86e41ec2 100644 --- a/example/ios/Podfile.lock +++ b/example/ios/Podfile.lock @@ -316,7 +316,7 @@ PODS: - React-jsinspector (0.72.4) - React-logger (0.72.4): - glog - - react-native-ldk (0.0.151): + - react-native-ldk (0.0.153): - React - react-native-randombytes (3.6.1): - React-Core @@ -621,7 +621,7 @@ SPEC CHECKSUMS: React-jsiexecutor: c7f826e40fa9cab5d37cab6130b1af237332b594 React-jsinspector: aaed4cf551c4a1c98092436518c2d267b13a673f React-logger: da1ebe05ae06eb6db4b162202faeafac4b435e77 - react-native-ldk: a7e71785237dd3d12dc52b4287abd88c865f5262 + react-native-ldk: 56632dc56319db257b5f03e71e791530b2590cbb react-native-randombytes: 421f1c7d48c0af8dbcd471b0324393ebf8fe7846 react-native-tcp-socket: c1b7297619616b4c9caae6889bcb0aba78086989 React-NativeModulesApple: edb5ace14f73f4969df6e7b1f3e41bef0012740f diff --git a/lib/android/src/main/java/com/reactnativeldk/LdkModule.kt b/lib/android/src/main/java/com/reactnativeldk/LdkModule.kt index 51dcc560..8d9189e4 100644 --- a/lib/android/src/main/java/com/reactnativeldk/LdkModule.kt +++ b/lib/android/src/main/java/com/reactnativeldk/LdkModule.kt @@ -658,6 +658,11 @@ class LdkModule(reactContext: ReactApplicationContext) : ReactContextBaseJavaMod fun addPeer(address: String, port: Double, pubKey: String, timeout: Double, promise: Promise) { peerHandler ?: return handleReject(promise, LdkErrors.init_peer_handler) + if (pubKey.hexa().count() != 33 || NodeId.read(pubKey.hexa()).is_ok.not()) { + LdkEventEmitter.send(EventTypes.native_log, "Failed to add new peer. Invalid pubKey: $pubKey") + return handleReject(promise, LdkErrors.add_peer_fail, Error("Invalid pubKey")) + } + //If peer is already connected don't add again val currentList = peerManager!!.list_peers().map { it._counterparty_node_id.hexEncodedString() } if (currentList.contains(pubKey)) { diff --git a/lib/ios/Ldk.swift b/lib/ios/Ldk.swift index 7cb441c1..ed8beb8e 100644 --- a/lib/ios/Ldk.swift +++ b/lib/ios/Ldk.swift @@ -730,6 +730,11 @@ class Ldk: NSObject { func addPeer(_ address: NSString, port: NSInteger, pubKey: NSString, timeout: NSInteger, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) { // timeout param not used. Only for android. + guard String(pubKey).hexaBytes.count == 33 && NodeId.read(ser: String(pubKey).hexaBytes).isOk() else { + LdkEventEmitter.shared.send(withEvent: .native_log, body: "Failed to add new peer. Invalid public key: \(pubKey)") + return handleReject(reject, .add_peer_fail, "Invalid peer public key") + } + if backgroundedAt != nil { // Give it a second maybe it's just restarting sleep(1) diff --git a/lib/package.json b/lib/package.json index bb4c74e1..f41d7e8e 100644 --- a/lib/package.json +++ b/lib/package.json @@ -1,7 +1,7 @@ { "name": "@synonymdev/react-native-ldk", "title": "React Native LDK", - "version": "0.0.152", + "version": "0.0.153", "description": "React Native wrapper for LDK", "main": "./dist/index.js", "types": "./dist/index.d.ts",