mleku/next.orly.dev
1
0
Fork 1
Code Issues 5 Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Fix corrupted events with zero-filled IDs/pubkeys/sigs (v0.47.1)
Some checks failed
Go / build-and-release (push) Has been cancelled
Details

Browse Source 
- Add validation in GetEventIdBySerial to ensure sei value is 32 bytes
- Fix fallback-to-legacy bug: return error instead of attempting legacy
  unmarshal on compact format data when event ID lookup fails
- Add upfront validation in UnmarshalCompactEvent for eventId length
- Prevents events with all-zero IDs from being returned to clients

Files modified:
- pkg/database/serial_cache.go: Validate sei value is exactly 32 bytes
- pkg/database/fetch-events-by-serials.go: Return error for compact format
  when eventId missing instead of falling back to legacy unmarshal
- pkg/database/fetch-event-by-serial.go: Same fix for single event fetch
- pkg/database/compact_event.go: Validate eventId is 32 bytes upfront
- pkg/version/version: Bump to v0.47.1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
woikos
2026-01-06 05:51:34 +01:00
parent 047cdf3472
commit 8dfd25613d
5 changed files with 30 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/database/fetch-event-by-serial.go
View File

@@ -44,9 +44,12 @@ func (d *D) FetchEventBySerial(ser *types.Uint40) (ev *event.E, err error) {
// Check if this is compact format
if len(eventData) > 0 && eventData[0] == CompactFormatVersion {
eventId, idErr := d.GetEventIdBySerial(ser)
if idErr == nil {
return UnmarshalCompactEvent(eventData, eventId, resolver)
if idErr != nil {
// Cannot decode compact format without event ID - return error
// DO NOT fall back to legacy unmarshal as compact format is not valid legacy format
return nil, fmt.Errorf("compact format inline but no event ID mapping for serial %d: %w", ser.Get(), idErr)
}
return UnmarshalCompactEvent(eventData, eventId, resolver)
}
// Legacy binary format
@@ -106,10 +109,14 @@ func (d *D) FetchEventBySerial(ser *types.Uint40) (ev *event.E, err error) {
// Check if this is compact format
if len(v) > 0 && v[0] == CompactFormatVersion {
eventId, idErr := d.GetEventIdBySerial(ser)
if idErr == nil {
ev, err = UnmarshalCompactEvent(v, eventId, resolver)
if idErr != nil {
// Cannot decode compact format without event ID - return error
// DO NOT fall back to legacy unmarshal as compact format is not valid legacy format
err = fmt.Errorf("compact format evt but no event ID mapping for serial %d: %w", ser.Get(), idErr)
return
}
ev, err = UnmarshalCompactEvent(v, eventId, resolver)
return
}
// Check if we have valid data before attempting to unmarshal