Deserialization fixes

algorithms/src/merkle_tree/merkle_path.rs

@@ -125,16 +125,22 @@ impl<P: MerkleParameters> FromBytes for MerklePath<P> {
         //  If you are seeing this message, please be proactive in bringing it up :)
         let parameters = {
             let setup_message_length: u64 = FromBytes::read_le(&mut reader)?;
+            if setup_message_length > 1024 * 1024 * 10 {
+                return Err(std::io::ErrorKind::InvalidData.into());
+            }
 
             let mut setup_message_bytes = vec![0u8; setup_message_length as usize];
             reader.read_exact(&mut setup_message_bytes)?;
-            let setup_message =
-                String::from_utf8(setup_message_bytes).expect("Failed to parse setup message for Merkle parameters");
+            let setup_message = String::from_utf8(setup_message_bytes).map_err(|_| std::io::ErrorKind::InvalidData)?;
 
             Arc::new(P::setup(&setup_message))
         };
 
         let path_length: u64 = FromBytes::read_le(&mut reader)?;
+        if path_length > 1024 * 1024 * 10 {
+            return Err(std::io::ErrorKind::InvalidData.into());
+        }
+
         let mut path = Vec::with_capacity(path_length as usize);
         for _ in 0..path_length {
             path.push(FromBytes::read_le(&mut reader)?);

dpc/src/posw/proof.rs

@@ -70,7 +70,8 @@ impl<N: Network> PoSWProof<N> {
         match self {
             Self::NonHiding(proof) => {
                 // Ensure the proof is valid.
-                if !<<N as Network>::PoSWSNARK as SNARK>::verify(verifying_key, &inputs.to_vec(), proof).unwrap() {
+                let check = <<N as Network>::PoSWSNARK as SNARK>::verify(verifying_key, &inputs.to_vec(), proof);
+                if check.is_err() || !check.unwrap() {
                     #[cfg(debug_assertions)]
                     eprintln!("PoSW proof verification failed");
                     return false;

dpc/src/record/ciphertext.rs

@@ -150,6 +150,12 @@ impl<N: Network> FromBytes for Ciphertext<N> {
         let record_view_key_commitment = N::RecordViewKeyCommitment::read_le(&mut reader)?;
 
         let num_elements: u32 = FromBytes::read_le(&mut reader)?;
+
+        // Reject values greater than the expected maximum count.
+        if num_elements > 1000 {
+            return Err(std::io::ErrorKind::InvalidData.into());
+        }
+
         let mut record_elements = Vec::with_capacity(num_elements as usize);
         for _ in 0..num_elements {
             record_elements.push(FromBytes::read_le(&mut reader)?);

dpc/src/transaction/transaction.rs

@@ -348,8 +348,10 @@ impl<N: Network> FromBytes for Transaction<N> {
             transitions.push(FromBytes::read_le(&mut reader)?);
         }
 
-        Ok(Self::from(input_circuit_id, output_circuit_id, ledger_root, transitions)
-            .expect("Failed to deserialize a transaction"))
+        let tx = Self::from(input_circuit_id, output_circuit_id, ledger_root, transitions)
+            .map_err(|_| std::io::ErrorKind::InvalidData)?;
+
+        Ok(tx)
     }
 }
 

dpc/src/transaction/transition.rs

@@ -396,12 +396,20 @@ impl<N: Network> FromBytes for Transition<N> {
         let transition_id: N::TransitionID = FromBytes::read_le(&mut reader)?;
 
         let num_input_records: u32 = FromBytes::read_le(&mut reader)?;
+        if num_input_records > 1000 {
+            return Err(std::io::ErrorKind::InvalidData.into());
+        }
+
         let mut serial_numbers = Vec::<N::SerialNumber>::with_capacity(num_input_records as usize);
         for _ in 0..num_input_records {
             serial_numbers.push(FromBytes::read_le(&mut reader)?);
         }
 
         let num_output_records: u32 = FromBytes::read_le(&mut reader)?;
+        if num_output_records > 1000 {
+            return Err(std::io::ErrorKind::InvalidData.into());
+        }
+
         let mut ciphertexts = Vec::<N::RecordCiphertext>::with_capacity(num_output_records as usize);
         for _ in 0..num_output_records {
             ciphertexts.push(FromBytes::read_le(&mut reader)?);
@@ -429,7 +437,7 @@ impl<N: Network> FromBytes for Transition<N> {
 
         let execution: Execution<N> = FromBytes::read_le(&mut reader)?;
 
-        Ok(Self::from(
+        Self::from(
             transition_id,
             serial_numbers,
             ciphertexts,
@@ -440,7 +448,7 @@ impl<N: Network> FromBytes for Transition<N> {
             events,
             execution,
         )
-        .expect("Failed to deserialize a transition from bytes"))
+        .map_err(|_| std::io::ErrorKind::InvalidData.into())
     }
 }
 

dpc/src/virtual_machine/event.rs

@@ -63,7 +63,7 @@ impl<N: Network> FromBytes for Event<N> {
                 Ok(Self::RecordViewKey(index, record_view_key))
             }
             2 => Ok(Self::Operation(FromBytes::read_le(&mut reader)?)),
-            _ => unreachable!("Invalid event ID during deserialization"),
+            _ => Err(std::io::ErrorKind::InvalidData.into()),
         }
     }
 }

dpc/src/virtual_machine/execution.rs

@@ -145,12 +145,20 @@ impl<N: Network> FromBytes for Execution<N> {
         };
 
         let num_input_proofs: u32 = FromBytes::read_le(&mut reader)?;
+        if num_input_proofs > 1000 {
+            return Err(std::io::ErrorKind::InvalidData.into());
+        }
+
         let mut input_proofs = Vec::with_capacity(num_input_proofs as usize);
         for _ in 0..num_input_proofs {
             input_proofs.push(FromBytes::read_le(&mut reader)?);
         }
 
         let num_output_proofs: u32 = FromBytes::read_le(&mut reader)?;
+        if num_output_proofs > 1000 {
+            return Err(std::io::ErrorKind::InvalidData.into());
+        }
+
         let mut output_proofs = Vec::with_capacity(num_output_proofs as usize);
         for _ in 0..num_output_proofs {
             output_proofs.push(FromBytes::read_le(&mut reader)?);

dpc/src/virtual_machine/operation.rs

@@ -106,7 +106,7 @@ impl<N: Network> FromBytes for Operation<N> {
                 let function_inputs = FromBytes::read_le(&mut reader)?;
                 Ok(Self::Evaluate(function_id, function_inputs))
             }
-            _ => unreachable!("Invalid operation during deserialization"),
+            _ => Err(std::io::ErrorKind::InvalidData.into()),
         }
     }
 }

utilities/src/serialize/impls.rs

@@ -26,7 +26,7 @@ pub use crate::{
 };
 use crate::{serialize::traits::*, SerializationError};
 
-use std::{borrow::Cow, collections::BTreeMap, rc::Rc, sync::Arc};
+use std::{borrow::Cow, collections::BTreeMap, mem, rc::Rc, sync::Arc};
 
 impl CanonicalSerialize for bool {
     #[inline]
@@ -294,6 +294,11 @@ impl<T: CanonicalDeserialize> CanonicalDeserialize for Vec<T> {
     #[inline]
     fn deserialize<R: Read>(reader: &mut R) -> Result<Self, SerializationError> {
         let len = u64::deserialize(reader)?;
+
+        if mem::size_of::<T>().saturating_mul(len as usize) > 1024 * 1024 * 1024 {
+            return Err(SerializationError::InvalidData);
+        }
+
         let mut values = Vec::with_capacity(len as usize);
         for _ in 0..len {
             values.push(T::deserialize(reader)?);
@@ -304,6 +309,11 @@ impl<T: CanonicalDeserialize> CanonicalDeserialize for Vec<T> {
     #[inline]
     fn deserialize_uncompressed<R: Read>(reader: &mut R) -> Result<Self, SerializationError> {
         let len = u64::deserialize(reader)?;
+
+        if mem::size_of::<T>().saturating_mul(len as usize) > 1024 * 1024 * 1024 {
+            return Err(SerializationError::InvalidData);
+        }
+
         let mut values = Vec::with_capacity(len as usize);
         for _ in 0..len {
             values.push(T::deserialize_uncompressed(reader)?);