avoid Message::Protocols in webrtc_listener_negotiate()

Author: haikoschol

src/multistream_select/dialer_select.rs

@@ -24,6 +24,7 @@ use crate::{
     codec::unsigned_varint::UnsignedVarint,
     error::{self, Error, ParseError, SubstreamError},
     multistream_select::{
+        drain_trailing_protocols,
         protocol::{
             webrtc_encode_multistream_message, HeaderLine, Message, MessageIO, Protocol,
             ProtocolError, PROTO_MULTISTREAM_1_0,
@@ -418,6 +419,10 @@ impl WebRtcDialerState {
                     }
                 }
                 (HandshakeState::WaitingProtocol, Some(protocol)) => {
+                    if protocol == PROTO_MULTISTREAM_1_0 {
+                        return Err(crate::error::NegotiationError::StateMismatch);
+                    }
+
                     if self.protocol.as_bytes() == protocol.as_ref() {
                         return Ok(HandshakeResult::Succeeded(self.protocol.clone()));
                     }
@@ -440,68 +445,12 @@ impl WebRtcDialerState {
     }
 }
 
-fn drain_trailing_protocols(
-    mut remaining: Bytes,
-) -> Result<Vec<Protocol>, error::NegotiationError> {
-    let mut protocols = vec![];
-
-    loop {
-        if remaining.is_empty() {
-            break;
-        }
-
-        let (len, tail) = unsigned_varint::decode::usize(&remaining).map_err(|error| {
-            tracing::debug!(
-                    target: LOG_TARGET,
-                    ?error,
-                    message = ?remaining,
-                    "Failed to decode length-prefix in multistream message");
-            error::NegotiationError::ParseError(ParseError::InvalidData)
-        })?;
-
-        if len > tail.len() {
-            tracing::debug!(
-                target: LOG_TARGET,
-                message = ?tail,
-                length_prefix = len,
-                actual_length = tail.len(),
-                "Truncated multistream message",
-            );
-
-            return Err(error::NegotiationError::ParseError(ParseError::InvalidData));
-        }
-
-        let len_size = remaining.len() - tail.len();
-        let payload = remaining.slice(len_size..len_size + len);
-
-        match Message::decode(payload) {
-            Ok(Message::Protocol(protocol)) => protocols.push(protocol),
-            Err(error) => {
-                tracing::debug!(
-                    target: LOG_TARGET,
-                    ?error,
-                    message = ?tail[..len],
-                    "Failed to decode multistream message",
-                );
-                return Err(error::NegotiationError::ParseError(ParseError::InvalidData));
-            }
-            _ => return Err(error::NegotiationError::StateMismatch),
-        }
-
-        remaining = remaining.slice(len_size + len..);
-    }
-
-    Ok(protocols)
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
     use crate::multistream_select::{listener_select_proto, protocol::MSG_MULTISTREAM_1_0};
     use bytes::BufMut;
     use std::time::Duration;
-    use tokio::net::{TcpListener, TcpStream};
-
     #[tokio::test]
     async fn select_proto_basic() {
         async fn run(version: Version) {

src/multistream_select/listener_select.rs

@@ -25,9 +25,10 @@ use crate::{
     codec::unsigned_varint::UnsignedVarint,
     error::{self, Error},
     multistream_select::{
+        drain_trailing_protocols,
         protocol::{
             webrtc_encode_multistream_message, HeaderLine, Message, MessageIO, Protocol,
-            ProtocolError,
+            ProtocolError, PROTO_MULTISTREAM_1_0,
         },
         Negotiated, NegotiationError,
     },
@@ -349,30 +350,14 @@ pub enum ListenerSelectResult {
 /// response and the negotiated protocol. If parsing fails or no match is found, return an error.
 pub fn webrtc_listener_negotiate<'a>(
     supported_protocols: &'a mut impl Iterator<Item = &'a ProtocolName>,
-    payload: Bytes,
+    mut payload: Bytes,
 ) -> crate::Result<ListenerSelectResult> {
-    let payload = if payload.len() > 2 && payload[0..payload.len() - 2] != b"\n\n"[..] {
-        let mut buf = BytesMut::from(payload);
-        buf.extend_from_slice(b"\n");
-        buf.freeze()
-    } else {
-        payload
-    };
-
-    let Message::Protocols(protocols) = Message::decode(payload).map_err(|_| Error::InvalidData)?
-    else {
-        return Err(Error::NegotiationError(
-            error::NegotiationError::MultistreamSelectError(NegotiationError::Failed),
-        ));
-    };
+    let protocols = drain_trailing_protocols(payload)?;
+    let mut protocol_iter = protocols.into_iter();
 
     // skip the multistream-select header because it's not part of user protocols but verify it's
     // present
-    let mut protocol_iter = protocols.into_iter();
-    let header =
-        Protocol::try_from(&b"/multistream/1.0.0"[..]).expect("valid multitstream-select header");
-
-    if protocol_iter.next() != Some(header) {
+    if protocol_iter.next() != Some(PROTO_MULTISTREAM_1_0) {
         return Err(Error::NegotiationError(
             error::NegotiationError::MultistreamSelectError(NegotiationError::Failed),
         ));
@@ -410,6 +395,8 @@ pub fn webrtc_listener_negotiate<'a>(
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::error;
+    use bytes::BufMut;
 
     #[test]
     fn webrtc_listener_negotiate_works() {
@@ -445,6 +432,21 @@ mod tests {
             ProtocolName::from("/13371338/proto/3"),
             ProtocolName::from("/13371338/proto/4"),
         ];
+        // The invalid message is really two multistream-select messages inside one `WebRtcMessage`:
+        // 1. the multistream-select header
+        // 2. an "ls response" message (that does not contain another header)
+        //
+        // This is invalid for two reasons:
+        // 1. It is malformed. Either the header is followed by one or more `Message::Protocol`
+        //    instances or the header is part of the "ls response".
+        // 2. This sequence of messages is not spec compliant. A listener receives one of the
+        //    following on an inbound substream:
+        //      - a multistream-select header followed by a `Message::Protocol` instance
+        //      - a multistream-select header followed by an "ls" message (<length prefix><ls><\n>)
+        //
+        // `webrtc_listener_negotiate()` should reject this invalid message. The error can either be
+        // `InvalidData` because the message is malformed or `StateMismatch` because the message is
+        // not expected at this point in the protocol.
         let message = webrtc_encode_multistream_message(std::iter::once(Message::Protocols(vec![
             Protocol::try_from(&b"/13371338/proto/1"[..]).unwrap(),
             Protocol::try_from(&b"/sup/proto/1"[..]).unwrap(),
@@ -453,7 +455,13 @@ mod tests {
         .freeze();
 
         match webrtc_listener_negotiate(&mut local_protocols.iter(), message) {
-            Err(error) => assert!(std::matches!(error, Error::InvalidData)),
+            Err(error) => assert!(std::matches!(
+                error,
+                // something has gone off the rails here...
+                Error::NegotiationError(error::NegotiationError::ParseError(
+                    error::ParseError::InvalidData
+                )),
+            )),
             _ => panic!("invalid event"),
         }
     }
@@ -474,7 +482,12 @@ mod tests {
         message.encode(&mut bytes).map_err(|_| Error::InvalidData).unwrap();
 
         match webrtc_listener_negotiate(&mut local_protocols.iter(), bytes.freeze()) {
-            Err(error) => assert!(std::matches!(error, Error::InvalidData)),
+            Err(error) => assert!(std::matches!(
+                error,
+                Error::NegotiationError(error::NegotiationError::ParseError(
+                    error::ParseError::InvalidData
+                )),
+            )),
             event => panic!("invalid event: {event:?}"),
         }
     }
@@ -491,14 +504,23 @@ mod tests {
 
         // header line missing
         let mut bytes = BytesMut::with_capacity(256);
-        let message = Message::Protocols(vec![
-            Protocol::try_from(&b"/13371338/proto/1"[..]).unwrap(),
-            Protocol::try_from(&b"/sup/proto/1"[..]).unwrap(),
-        ]);
-        message.encode(&mut bytes).map_err(|_| Error::InvalidData).unwrap();
+        vec![&b"/13371338/proto/1"[..], &b"/sup/proto/1"[..]]
+            .into_iter()
+            .for_each(|proto| {
+                bytes.put_u8((proto.len() + 1) as u8);
+
+                Message::Protocol(Protocol::try_from(proto).unwrap())
+                    .encode(&mut bytes)
+                    .unwrap();
+            });
 
         match webrtc_listener_negotiate(&mut local_protocols.iter(), bytes.freeze()) {
-            Err(error) => assert!(std::matches!(error, Error::InvalidData)),
+            Err(error) => assert!(std::matches!(
+                error,
+                Error::NegotiationError(error::NegotiationError::MultistreamSelectError(
+                    NegotiationError::Failed
+                ))
+            )),
             event => panic!("invalid event: {event:?}"),
         }
     }

src/multistream_select/mod.rs

@@ -75,16 +75,21 @@ mod listener_select;
 mod negotiated;
 mod protocol;
 
+use crate::error::{self, ParseError};
 pub use crate::multistream_select::{
     dialer_select::{dialer_select_proto, DialerSelectFuture, HandshakeResult, WebRtcDialerState},
     listener_select::{
         listener_select_proto, webrtc_listener_negotiate, ListenerSelectFuture,
         ListenerSelectResult,
     },
     negotiated::{Negotiated, NegotiatedComplete, NegotiationError},
-    protocol::{HeaderLine, Message, Protocol, ProtocolError},
+    protocol::{HeaderLine, Message, Protocol, ProtocolError, PROTO_MULTISTREAM_1_0},
 };
 
+use bytes::Bytes;
+
+const LOG_TARGET: &str = "litep2p::multistream-select";
+
 /// Supported multistream-select versions.
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub enum Version {
@@ -132,3 +137,63 @@ impl Default for Version {
         Version::V1
     }
 }
+
+// This function is only used in the WebRTC transport. It expects one or more multistream-select
+// messages in `remaining` and returns a list of protocols that were decoded from them.
+fn drain_trailing_protocols(
+    mut remaining: Bytes,
+) -> Result<Vec<Protocol>, error::NegotiationError> {
+    let mut protocols = vec![];
+
+    loop {
+        if remaining.is_empty() {
+            break;
+        }
+
+        let (len, tail) = unsigned_varint::decode::usize(&remaining).map_err(|error| {
+            tracing::debug!(
+                    target: LOG_TARGET,
+                    ?error,
+                    message = ?remaining,
+                    "Failed to decode length-prefix in multistream message");
+            error::NegotiationError::ParseError(ParseError::InvalidData)
+        })?;
+
+        if len > tail.len() {
+            tracing::debug!(
+                target: LOG_TARGET,
+                message = ?tail,
+                length_prefix = len,
+                actual_length = tail.len(),
+                "Truncated multistream message",
+            );
+
+            return Err(error::NegotiationError::ParseError(ParseError::InvalidData));
+        }
+
+        let len_size = remaining.len() - tail.len();
+        let payload = remaining.slice(len_size..len_size + len);
+        let res = Message::decode(payload);
+
+        match res {
+            Ok(Message::Header(HeaderLine::V1)) => protocols.push(PROTO_MULTISTREAM_1_0),
+            Ok(Message::Protocol(protocol)) => protocols.push(protocol),
+            Ok(Message::Protocols(_)) =>
+                return Err(error::NegotiationError::ParseError(ParseError::InvalidData)),
+            Err(error) => {
+                tracing::debug!(
+                    target: LOG_TARGET,
+                    ?error,
+                    message = ?tail[..len],
+                    "Failed to decode multistream message",
+                );
+                return Err(error::NegotiationError::ParseError(ParseError::InvalidData));
+            }
+            _ => return Err(error::NegotiationError::StateMismatch),
+        }
+
+        remaining = remaining.slice(len_size + len..);
+    }
+
+    Ok(protocols)
+}

src/multistream_select/protocol.rs

@@ -55,7 +55,7 @@ const MSG_PROTOCOL_NA: &[u8] = b"na\n";
 /// The encoded form of a multistream-select 'ls' message.
 const MSG_LS: &[u8] = b"ls\n";
 /// A Protocol instance for the `/multistream/1.0.0` header line.
-pub const PROTO_MULTISTREAM_1_0: Protocol = Protocol(Bytes::from_static(MSG_MULTISTREAM_1_0));
+pub const PROTO_MULTISTREAM_1_0: Protocol = Protocol(Bytes::from_static(b"/multistream/1.0.0"));
 /// Logging target.
 const LOG_TARGET: &str = "litep2p::multistream-select";