From 735db08f8449c90b357cb016c92af470eb9a1cd1 Mon Sep 17 00:00:00 2001 From: Anna Shaleva Date: Fri, 7 Oct 2022 16:06:12 +0300 Subject: [PATCH] services: adjust RPC server's getHistoricParams Update documentation and add index upper bound check to get rid of CodeQL warning. --- pkg/services/rpcsrv/server.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkg/services/rpcsrv/server.go b/pkg/services/rpcsrv/server.go index f3c0601b8..fbc19bd90 100644 --- a/pkg/services/rpcsrv/server.go +++ b/pkg/services/rpcsrv/server.go @@ -2002,8 +2002,8 @@ func (s *Server) getInvokeContractVerifyParams(reqParams params.Params) (util.Ui return scriptHash, tx, invocationScript, nil } -// getHistoricParams checks that historic calls are supported and returns fake block -// with the specified index to perform the historic call. It also checks that +// getHistoricParams checks that historic calls are supported and returns index of +// a fake next block to perform the historic call. It also checks that // specified stateroot is stored at the specified height for further request // handling consistency. func (s *Server) getHistoricParams(reqParams params.Params) (uint32, *neorpc.Error) { @@ -2030,6 +2030,9 @@ func (s *Server) getHistoricParams(reqParams params.Params) (uint32, *neorpc.Err height = int(b.Index) } } + if height > math.MaxUint32 { + return 0, neorpc.NewInvalidParamsError("historic height exceeds max uint32 value") + } return uint32(height) + 1, nil }