From 8a17f2ebddc641a2999e0f5315ac16cdb095dd7a Mon Sep 17 00:00:00 2001 From: Ethen Date: Fri, 10 Jan 2025 01:28:54 +0700 Subject: [PATCH 1/2] fix(sigmap-EDAP-04): Add IO parsing size constraint on incoming request bodies (#227) * fix(sigmap-EDAP-04): Add IO parsing size constraint on incoming request bodies * fix(sigmap-EDAP-04): Add IO parsing size constraint on incoming request bodies - address PR feedback --- server/handlers.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/server/handlers.go b/server/handlers.go index d1acb29..f08f24a 100644 --- a/server/handlers.go +++ b/server/handlers.go @@ -12,6 +12,11 @@ import ( "github.com/gorilla/mux" ) +const ( + // limit requests to only 32 mib to mitigate potential DoS attacks + maxRequestBodySize int64 = 1024 * 1024 * 32 +) + func (svr *Server) handleHealth(w http.ResponseWriter, _ *http.Request) error { w.WriteHeader(http.StatusOK) return nil @@ -164,7 +169,7 @@ func (svr *Server) handlePostOPGenericCommitment(w http.ResponseWriter, r *http. func (svr *Server) handlePostShared(w http.ResponseWriter, r *http.Request, comm []byte, meta commitments.CommitmentMeta) error { svr.log.Info("Processing POST request", "commitment", hex.EncodeToString(comm), "commitmentMeta", meta) - input, err := io.ReadAll(r.Body) + input, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxRequestBodySize)) if err != nil { err = MetaError{ Err: fmt.Errorf("failed to read request body: %w", err), From cc1b3042f3ece7a16d92c7283bbaebd53e061f08 Mon Sep 17 00:00:00 2001 From: Ethen Date: Fri, 10 Jan 2025 01:41:13 +0700 Subject: [PATCH 2/2] fix(sigmap-EDAP-04): Miscellaneous General Comments (#228) * fix(sigmap-EDAP-04): Miscellaneous General Comments * fix(sigmap-EDAP-04): Miscellaneous General Comments - address PR feedback --- verify/cli.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/verify/cli.go b/verify/cli.go index 39b994d..d931e43 100644 --- a/verify/cli.go +++ b/verify/cli.go @@ -11,17 +11,13 @@ import ( "github.com/Layr-Labs/eigenda/encoding/kzg" ) -var ( +const ( BytesPerSymbol = 31 MaxCodingRatio = 8 - MaxSRSPoints = 1 << 28 // 2^28 - MaxAllowedBlobSize = uint64(MaxSRSPoints * BytesPerSymbol / MaxCodingRatio) + SrsOrder = 1 << 28 // 2^28 + MaxAllowedBlobSize = uint64(SrsOrder * BytesPerSymbol / MaxCodingRatio) ) -// TODO: should this live in the resources pkg? -// So that if we ever change the SRS files there we can change this value -const srsOrder = 268435456 // 2 ^ 32 - var ( // cert verification flags CertVerificationDisabledFlagName = withFlagPrefix("cert-verification-disabled") @@ -125,7 +121,7 @@ func ReadConfig(ctx *cli.Context, edaClientConfig clients.EigenDAClientConfig) C G1Path: ctx.String(G1PathFlagName), G2PowerOf2Path: ctx.String(G2PowerOf2PathFlagName), CacheDir: ctx.String(CachePathFlagName), - SRSOrder: srsOrder, + SRSOrder: SrsOrder, SRSNumberToLoad: MaxBlobLengthBytes / 32, // # of fr.Elements NumWorker: uint64(runtime.GOMAXPROCS(0)), // #nosec G115 }