guard event and filter decoders against bad-sized hexes.

2025-06-25 11:10:48 -03:00
parent 027d016d97
commit 67c787c8d3
2 changed files with 20 additions and 5 deletions
--- a/event_easyjson.go
+++ b/event_easyjson.go
@@ -27,9 +27,15 @@ func easyjsonDecodeEvent(in *jlexer.Lexer, out *Event) {
 		}
 		switch key {
 		case "id":
-			hex.Decode(out.ID[:], in.UnsafeBytes())
+			b := in.UnsafeBytes()
+			if len(b) == 32 {
+				hex.Decode(out.ID[:], b)
+			}
 		case "pubkey":
-			hex.Decode(out.PubKey[:], in.UnsafeBytes())
+			b := in.UnsafeBytes()
+			if len(b) == 32 {
+				hex.Decode(out.PubKey[:], b)
+			}
 		case "created_at":
 			out.CreatedAt = Timestamp(in.Int64())
 		case "kind":
@@ -65,7 +71,10 @@ func easyjsonDecodeEvent(in *jlexer.Lexer, out *Event) {
 		case "content":
 			out.Content = in.String()
 		case "sig":
-			hex.Decode(out.Sig[:], in.UnsafeBytes())
+			b := in.UnsafeBytes()
+			if len(b) == 64 {
+				hex.Decode(out.Sig[:], b)
+			}
 		}
 		in.WantComma()
 	}
--- a/filter_easyjson.go
+++ b/filter_easyjson.go
@@ -40,7 +40,10 @@ func easyjsonDecodeFilter(in *jlexer.Lexer, out *Filter) {
 			}
 			for !in.IsDelim(']') {
 				id := [32]byte{}
-				hex.Decode(id[:], in.UnsafeBytes())
+				b := in.UnsafeBytes()
+				if len(b) == 32 {
+					hex.Decode(id[:], b)
+				}
 				out.IDs = append(out.IDs, id)
 				in.WantComma()
 			}
@@ -74,7 +77,10 @@ func easyjsonDecodeFilter(in *jlexer.Lexer, out *Filter) {
 			}
 			for !in.IsDelim(']') {
 				pk := [32]byte{}
-				hex.Decode(pk[:], in.UnsafeBytes())
+				b := in.UnsafeBytes()
+				if len(b) == 32 {
+					hex.Decode(pk[:], b)
+				}
 				out.Authors = append(out.Authors, pk)
 				in.WantComma()
 			}