don't reprovide inssecure hashes

License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
2026-03-09 18:28:08 +08:00 · 2018-03-05 02:58:08 +01:00 · 2018-03-05 02:58:08 +01:00 · 45272790a2
commit 45272790a2
parent 60018d3ee8
1 changed files with 7 additions and 0 deletions
--- a/exchange/reprovide/reprovide.go
+++ b/exchange/reprovide/reprovide.go
@ -5,6 +5,8 @@ import (
 	"fmt"
 	"time"

+	"github.com/ipfs/go-ipfs/thirdparty/verifcid"
+
 	backoff "gx/ipfs/QmPJUtEJsm5YLUWhF6imvyCH8KZXRJa9Wup7FDMwTy5Ufz/backoff"
 	logging "gx/ipfs/QmRb5jh8z2E8hMGN2tkvs1yHynUanqnZ3UeKwgN1i9P1F8/go-log"
 	routing "gx/ipfs/QmTiWLZ6Fo5j4KcTVutZJ5KWRRJrbxzmxA4td8NfEdrPh7/go-libp2p-routing"
@ -83,6 +85,11 @@ func (rp *Reprovider) Reprovide() error {
 		return fmt.Errorf("Failed to get key chan: %s", err)
 	}
 	for c := range keychan {
+		// hash security
+		if err := verifcid.ValidateCid(c); err != nil {
+			log.Errorf("insecure hash in reprovider, %s (%s)", c, err)
+			continue
+		}
 		op := func() error {
 			err := rp.rsys.Provide(rp.ctx, c, true)
 			if err != nil {