Coracle/nostrlib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

unsafe.String() on binary decoding is not safe.

Browse Source
This commit is contained in:
fiatjaf
2024-09-07 10:43:17 -03:00
parent f57d93ac78
commit e175e634c8
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
binary/hybrid.go
View File

@@ -4,7 +4,6 @@ import (
"encoding/binary" "encoding/binary"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"unsafe"
"github.com/nbd-wtf/go-nostr" "github.com/nbd-wtf/go-nostr"
) )
@@ -23,7 +22,7 @@ func Unmarshal(data []byte, evt *nostr.Event) (err error) {
evt.CreatedAt = nostr.Timestamp(binary.BigEndian.Uint32(data[128:132])) evt.CreatedAt = nostr.Timestamp(binary.BigEndian.Uint32(data[128:132]))
evt.Kind = int(binary.BigEndian.Uint16(data[132:134])) evt.Kind = int(binary.BigEndian.Uint16(data[132:134]))
contentLength := int(binary.BigEndian.Uint16(data[134:136])) contentLength := int(binary.BigEndian.Uint16(data[134:136]))
evt.Content = unsafe.String(&data[136], contentLength) evt.Content = string(data[136 : 136+contentLength])
curr := 136 + contentLength curr := 136 + contentLength
@@ -39,7 +38,7 @@ func Unmarshal(data []byte, evt *nostr.Event) (err error) {
curr = curr + 1 curr = curr + 1
itemSize := int(binary.BigEndian.Uint16(data[curr : curr+2])) itemSize := int(binary.BigEndian.Uint16(data[curr : curr+2]))
itemStart := curr + 2 itemStart := curr + 2
item := unsafe.String(&data[itemStart], itemSize) item := string(data[itemStart : itemStart+itemSize])
tag[i] = item tag[i] = item
curr = itemStart + itemSize curr = itemStart + itemSize
} }