Skip to content

TK-727 add sanity-checks for boc header #464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
domikedos merged 2 commits into from
Apr 1, 2026
Merged

TK-727 add sanity-checks for boc header #464

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5ee95ce
add sanity-checks for boc header
domikedos Apr 1, 2026
1cdaa5b
set larger max cells count limit
domikedos Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions boc/boc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@ const depthSize = 2
const maxLevel = 3
const maxDepth = 1024
const maxCellWhs = 64
const minCellSize = 4
const minTotCellsSize = 2
const maxCellsCount = 131072

var crcTable = crc32.MakeTable(crc32.Castagnoli)

Expand Down Expand Up @@ -99,6 +102,10 @@ func parseBocHeader(boc []byte) (*bocHeader, error) {
return nil, errors.New("not enough bytes for encoding cells counters")
}

if sizeBytes > minCellSize {
return nil, errors.New("invalid cell size value")
}

offsetBytes := int(boc[0])
boc = boc[1:]
cellsCount := readNBytesUIntFromArray(sizeBytes, boc)
Expand All @@ -114,6 +121,18 @@ func parseBocHeader(boc []byte) (*bocHeader, error) {
return nil, errors.New("not enough bytes for encoding root cells hashes")
}

if totCellsSize < minTotCellsSize {
return nil, errors.New("invalid cell data size value")
}

if 2*cellsCount > totCellsSize {
return nil, errors.New("not enough bytes for encoding all cells data")
}

if cellsCount > maxCellsCount {
return nil, errors.New("boc is too large")
}

// Roots
rootList := make([]uint, 0, rootsCount)
for i := 0; i < int(rootsCount); i++ {
Expand Down
41 changes: 41 additions & 0 deletions boc/boc_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -383,3 +383,44 @@ func Test_bagOfCells_serializeBoc(t *testing.T) {
})
}
}

func Test_bagOfCells_invalidCellDeserialize(t *testing.T) {
tests := []struct {
name string
hexBoc string
err string
}{
{
name: "boc with invalid large size bytes",
hexBoc: "b5ee9c720501010100020000001231231231232131231231231231231231231231",
err: "invalid cell size value",
},
{
name: "boc with invalid small tot_cells_size",
hexBoc: "b5ee9c72010101010001000000",
err: "invalid cell data size value",
},
{
name: "boc with invalid large amount with cells",
hexBoc: "b5ee9c720101ff010002000000",
err: "not enough bytes for encoding all cells data",
},
{
name: "too large boc",
hexBoc: "b5ee9c7204fffffffffe010002000000123123123123213123123123123123123123123123123123123123" + strings.Repeat("1234", 33565456),
err: "boc is too large",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
bocBytes, err := hex.DecodeString(tt.hexBoc)
if err != nil {
t.Fatalf("failed to decode boc: %v", err)
}
_, err = DeserializeBoc(bocBytes)
if err == nil || err.Error() != tt.err {
t.Fatalf("invalid error: %v", err)
}
})
}
}
Loading