diff --git a/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java b/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java index 01be54538b2..e0d95d79bf7 100644 --- a/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java +++ b/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java @@ -35,6 +35,8 @@ public class LogFilter { @Setter private Bloom[][] filterBlooms; + private final int maxTopicDepth = 4; + private final int maxSubWidth = 20; public LogFilter() { } @@ -58,6 +60,9 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException { String.format("invalid address at index %d: %s", i, s)); } } + if (addr.size() > maxSubWidth) { + throw new JsonRpcInvalidParamsException("address size should be <= " + maxSubWidth); + } withContractAddress(addr.toArray(new byte[addr.size()][])); } else if (fr.getAddress() != null) { @@ -66,8 +71,8 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException { if (fr.getTopics() != null) { //restrict depth of topics, because event has a signature and most 3 indexed parameters - if (fr.getTopics().length > 4) { - throw new JsonRpcInvalidParamsException("topics size should be <= 4"); + if (fr.getTopics().length > maxTopicDepth) { + throw new JsonRpcInvalidParamsException("topics size should be <= " + maxTopicDepth); } for (Object topic : fr.getTopics()) { if (topic == null) { @@ -88,6 +93,10 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException { throw new JsonRpcInvalidParamsException("invalid topic(s): " + s); } } + if (t.size() > maxSubWidth) { + throw new JsonRpcInvalidParamsException( + "topic size of one row should be <= " + maxSubWidth); + } withTopic(t.toArray(new byte[t.size()][])); } else { throw new JsonRpcInvalidParamsException("invalid topic(s)"); diff --git a/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java b/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java index c9e6d6a2330..ee8d75ce96d 100644 --- a/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java +++ b/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java @@ -240,6 +240,30 @@ public void testLogFilter() { } catch (JsonRpcInvalidParamsException e) { Assert.assertTrue(e.getMessage().contains("invalid address")); } + + //address size should be <= 20 + List addresses = new ArrayList<>(); + for (int i = 0; i < 100; i++) { + addresses.add("0x1D3005237D6516EA794456BBEE9978B5B7AE491F"); + } + try { + new LogFilter(new FilterRequest(null, null, addresses, null, null)); + } catch (JsonRpcInvalidParamsException e) { + Assert.assertEquals("address size should be <= 20", e.getMessage()); + } + + //topic size of one row should be <= 20 + List subTopics = new ArrayList<>(); + for (int i = 0; i < 100; i++) { + subTopics.add("0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"); + } + Object[] topics = new Object[1]; + topics[0] = subTopics; + try { + new LogFilter(new FilterRequest(null, null, null, topics, null)); + } catch (JsonRpcInvalidParamsException e) { + Assert.assertEquals("topic size of one row should be <= 20", e.getMessage()); + } } private int[] getBloomIndex(String s) {