From a3d49837fe0c0013bbb72bc350c39fdcf4fc881a Mon Sep 17 00:00:00 2001 From: jiangyuanshu <317787106@qq.com> Date: Sat, 29 Mar 2025 11:44:43 +0800 Subject: [PATCH 1/2] restict size of address and topics --- .../core/services/jsonrpc/filters/LogFilter.java | 12 ++++++++++-- .../java/org/tron/core/jsonrpc/JsonRpcTest.java | 15 +++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java b/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java index 01be54538b2..f751070ad1f 100644 --- a/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java +++ b/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java @@ -35,6 +35,8 @@ public class LogFilter { @Setter private Bloom[][] filterBlooms; + private final int maxTopicDepth = 4; + private final int maxSubWidth = 20; public LogFilter() { } @@ -58,6 +60,9 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException { String.format("invalid address at index %d: %s", i, s)); } } + if (addr.size() > maxSubWidth) { + throw new JsonRpcInvalidParamsException("address size should be <= " + maxSubWidth); + } withContractAddress(addr.toArray(new byte[addr.size()][])); } else if (fr.getAddress() != null) { @@ -66,8 +71,8 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException { if (fr.getTopics() != null) { //restrict depth of topics, because event has a signature and most 3 indexed parameters - if (fr.getTopics().length > 4) { - throw new JsonRpcInvalidParamsException("topics size should be <= 4"); + if (fr.getTopics().length > maxTopicDepth) { + throw new JsonRpcInvalidParamsException("topics size should be <= " + maxTopicDepth); } for (Object topic : fr.getTopics()) { if (topic == null) { @@ -88,6 +93,9 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException { throw new JsonRpcInvalidParamsException("invalid topic(s): " + s); } } + if (t.size() > maxSubWidth) { + throw new JsonRpcInvalidParamsException("topics' width should be <= " + maxSubWidth); + } withTopic(t.toArray(new byte[t.size()][])); } else { throw new JsonRpcInvalidParamsException("invalid topic(s)"); diff --git a/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java b/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java index c9e6d6a2330..d7e6a6d3ac0 100644 --- a/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java +++ b/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java @@ -240,6 +240,21 @@ public void testLogFilter() { } catch (JsonRpcInvalidParamsException e) { Assert.assertTrue(e.getMessage().contains("invalid address")); } + + //address width should be <= 20 + + //topic's width should be <= 20 + List subTopics = new ArrayList<>(); + for (int i = 0; i < 100; i++) { + subTopics.add("0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"); + } + Object[] topics = new Object[1]; + topics[0] = subTopics; + try { + new LogFilter(new FilterRequest(null, null, null, topics, null)); + } catch (JsonRpcInvalidParamsException e) { + Assert.assertEquals("topics' width should be <= 20", e.getMessage()); + } } private int[] getBloomIndex(String s) { From d1d191b2f1879a8c403d4f1dfd02ae2a1062833a Mon Sep 17 00:00:00 2001 From: jiangyuanshu <317787106@qq.com> Date: Sun, 30 Mar 2025 00:06:05 +0800 Subject: [PATCH 2/2] add test case of address size --- .../core/services/jsonrpc/filters/LogFilter.java | 3 ++- .../java/org/tron/core/jsonrpc/JsonRpcTest.java | 15 ++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java b/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java index f751070ad1f..e0d95d79bf7 100644 --- a/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java +++ b/framework/src/main/java/org/tron/core/services/jsonrpc/filters/LogFilter.java @@ -94,7 +94,8 @@ public LogFilter(FilterRequest fr) throws JsonRpcInvalidParamsException { } } if (t.size() > maxSubWidth) { - throw new JsonRpcInvalidParamsException("topics' width should be <= " + maxSubWidth); + throw new JsonRpcInvalidParamsException( + "topic size of one row should be <= " + maxSubWidth); } withTopic(t.toArray(new byte[t.size()][])); } else { diff --git a/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java b/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java index d7e6a6d3ac0..ee8d75ce96d 100644 --- a/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java +++ b/framework/src/test/java/org/tron/core/jsonrpc/JsonRpcTest.java @@ -241,9 +241,18 @@ public void testLogFilter() { Assert.assertTrue(e.getMessage().contains("invalid address")); } - //address width should be <= 20 + //address size should be <= 20 + List addresses = new ArrayList<>(); + for (int i = 0; i < 100; i++) { + addresses.add("0x1D3005237D6516EA794456BBEE9978B5B7AE491F"); + } + try { + new LogFilter(new FilterRequest(null, null, addresses, null, null)); + } catch (JsonRpcInvalidParamsException e) { + Assert.assertEquals("address size should be <= 20", e.getMessage()); + } - //topic's width should be <= 20 + //topic size of one row should be <= 20 List subTopics = new ArrayList<>(); for (int i = 0; i < 100; i++) { subTopics.add("0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"); @@ -253,7 +262,7 @@ public void testLogFilter() { try { new LogFilter(new FilterRequest(null, null, null, topics, null)); } catch (JsonRpcInvalidParamsException e) { - Assert.assertEquals("topics' width should be <= 20", e.getMessage()); + Assert.assertEquals("topic size of one row should be <= 20", e.getMessage()); } }