Add in Stronger Length Checks (#9758)

* add changes * radek's review Co-authored-by: Raul Jordan <raul@prysmaticlabs.com>
2026-01-09 15:37:56 -05:00 · 2021-10-09 01:41:36 +08:00
parent 63349d863b
commit 65d2df4609
13 changed files with 121 additions and 38 deletions
--- a/container/trie/BUILD.bazel
+++ b/container/trie/BUILD.bazel
@@ -27,6 +27,7 @@ go_test(
        "//crypto/hash:go_default_library",
        "//encoding/bytesutil:go_default_library",
        "//proto/prysm/v1alpha1:go_default_library",
+        "//testing/assert:go_default_library",
        "//testing/require:go_default_library",
        "@com_github_ethereum_go_ethereum//accounts/abi/bind:go_default_library",
    ],
--- a/container/trie/sparse_merkle.go
+++ b/container/trie/sparse_merkle.go
@@ -93,7 +93,10 @@ func (m *SparseMerkleTrie) HashTreeRoot() [32]byte {
 }

 // Insert an item into the trie.
-func (m *SparseMerkleTrie) Insert(item []byte, index int) {
+func (m *SparseMerkleTrie) Insert(item []byte, index int) error {
+	if index < 0 {
+		return fmt.Errorf("negative index provided: %d", index)
+	}
 	for index >= len(m.branches[0]) {
 		m.branches[0] = append(m.branches[0], ZeroHashes[0][:])
 	}
@@ -132,10 +135,14 @@ func (m *SparseMerkleTrie) Insert(item []byte, index int) {
 		}
 		currentIndex = parentIdx
 	}
+	return nil
 }

 // MerkleProof computes a proof from a trie's branches using a Merkle index.
 func (m *SparseMerkleTrie) MerkleProof(index int) ([][]byte, error) {
+	if index < 0 {
+		return nil, fmt.Errorf("merkle index is negative: %d", index)
+	}
 	merkleIndex := uint(index)
 	leaves := m.branches[0]
 	if index >= len(leaves) {
--- a/container/trie/sparse_merkle_test.go
+++ b/container/trie/sparse_merkle_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/prysmaticlabs/prysm/crypto/hash"
 	"github.com/prysmaticlabs/prysm/encoding/bytesutil"
 	ethpb "github.com/prysmaticlabs/prysm/proto/prysm/v1alpha1"
+	"github.com/prysmaticlabs/prysm/testing/assert"
 	"github.com/prysmaticlabs/prysm/testing/require"
 )

@@ -112,6 +113,24 @@ func TestMerkleTrie_VerifyMerkleProof(t *testing.T) {
 	require.Equal(t, false, trie.VerifyMerkleBranch(root[:], []byte("buzz"), 3, proof, params.BeaconConfig().DepositContractTreeDepth))
 }

+func TestMerkleTrie_NegativeIndexes(t *testing.T) {
+	items := [][]byte{
+		[]byte("A"),
+		[]byte("B"),
+		[]byte("C"),
+		[]byte("D"),
+		[]byte("E"),
+		[]byte("F"),
+		[]byte("G"),
+		[]byte("H"),
+	}
+	m, err := trie.GenerateTrieFromItems(items, params.BeaconConfig().DepositContractTreeDepth)
+	require.NoError(t, err)
+	_, err = m.MerkleProof(-1)
+	require.ErrorContains(t, "merkle index is negative", err)
+	require.ErrorContains(t, "negative index provided", m.Insert([]byte{'J'}, -1))
+}
+
 func TestMerkleTrie_VerifyMerkleProof_TrieUpdated(t *testing.T) {
 	items := [][]byte{
 		{1},
@@ -128,7 +147,7 @@ func TestMerkleTrie_VerifyMerkleProof_TrieUpdated(t *testing.T) {
 	require.Equal(t, true, trie.VerifyMerkleBranch(root[:], items[0], 0, proof, depth))

 	// Now we update the trie.
-	m.Insert([]byte{5}, 3)
+	assert.NoError(t, m.Insert([]byte{5}, 3))
 	proof, err = m.MerkleProof(3)
 	require.NoError(t, err)
 	root = m.HashTreeRoot()
@@ -140,7 +159,7 @@ func TestMerkleTrie_VerifyMerkleProof_TrieUpdated(t *testing.T) {
 	}

 	// Now we update the trie at an index larger than the number of items.
-	m.Insert([]byte{6}, 15)
+	assert.NoError(t, m.Insert([]byte{6}, 15))
 }

 func TestRoundtripProto_OK(t *testing.T) {
@@ -209,7 +228,7 @@ func BenchmarkInsertTrie_Optimized(b *testing.B) {
 	someItem := bytesutil.ToBytes32([]byte("hello-world"))
 	b.StartTimer()
 	for i := 0; i < b.N; i++ {
-		tr.Insert(someItem[:], i%numDeposits)
+		require.NoError(b, tr.Insert(someItem[:], i%numDeposits))
 	}
 }