Protect against OOB offset in variable list SSZ decoding (#974)

* Add "pretty-ssz" tool to lcli * Protect against OOB SSZ offset * Add more work on decoding * Fix benches * Add more decode fixes * Rename fixed_ptr * Add, fix tests * Add extra test * Increase SSZ decode error granularity * Ripples new error types across ssz crate * Add comment to `sanitize_offset` * Introduce max_len to SSZ list decoding * Restrict FixedVector, check for zero-len items * Double check for empty list * Address Michael's comment
2026-03-21 22:04:44 +00:00 · 2020-04-20 15:35:47 +10:00
parent 32074f0d09
commit b374ead24b
8 changed files with 263 additions and 82 deletions
--- a/lcli/src/parse_ssz.rs
+++ b/lcli/src/parse_ssz.rs
@@ -0,0 +1,40 @@
+use crate::helpers::parse_path;
+use clap::ArgMatches;
+use serde::Serialize;
+use ssz::Decode;
+use std::fs::File;
+use std::io::Read;
+use types::{EthSpec, SignedBeaconBlock};
+
+pub fn run<T: EthSpec>(matches: &ArgMatches) -> Result<(), String> {
+    let type_str = matches
+        .value_of("type")
+        .ok_or_else(|| "No type supplied".to_string())?;
+    let path = parse_path(matches, "path")?;
+
+    info!("Type: {:?}", type_str);
+
+    let mut bytes = vec![];
+    let mut file = File::open(&path).map_err(|e| format!("Unable to open {:?}: {}", path, e))?;
+    file.read_to_end(&mut bytes)
+        .map_err(|e| format!("Unable to read {:?}: {}", path, e))?;
+
+    match type_str {
+        "SignedBeaconBlock" => decode_and_print::<SignedBeaconBlock<T>>(&bytes)?,
+        other => return Err(format!("Unknown type: {}", other)),
+    };
+
+    Ok(())
+}
+
+fn decode_and_print<T: Decode + Serialize>(bytes: &[u8]) -> Result<(), String> {
+    let item = T::from_ssz_bytes(&bytes).map_err(|e| format!("Ssz decode failed: {:?}", e))?;
+
+    println!(
+        "{}",
+        serde_yaml::to_string(&item)
+            .map_err(|e| format!("Unable to write object to YAML: {:?}", e))?
+    );
+
+    Ok(())
+}