Merge pull request #2882 from jorgemmsilva/fix/misc

fix: (webapi) check offledger byte prefix before deserialization
iotaledger · Sep 19, 2023 · 7da6567 · 7da6567
2 parents 9a8f776 + 45a3287
commit 7da6567
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/packages/isc/requestimpl.go b/packages/isc/requestimpl.go
@@ -22,6 +22,14 @@ const (
 	requestKindOffLedgerEVMCall
 )
 
+func IsOffledgerKind(b byte) bool {
+	switch RequestKind(b) {
+	case requestKindOffLedgerISC, requestKindOffLedgerEVMTx:
+		return true
+	}
+	return false
+}
+
 func RequestFromBytes(data []byte) (Request, error) {
 	rr := rwutil.NewBytesReader(data)
 	return RequestFromReader(rr), rr.Err

diff --git a/packages/webapi/services/offledger.go b/packages/webapi/services/offledger.go
@@ -26,6 +26,10 @@ func NewOffLedgerService(chainService interfaces.ChainService, networkProvider p
 }
 
 func (c *OffLedgerService) ParseRequest(binaryRequest []byte) (isc.OffLedgerRequest, error) {
+	// check offledger kind (avoid deserialization otherwise)
+	if !isc.IsOffledgerKind(binaryRequest[0]) {
+		return nil, errors.New("error parsing request: off-ledger request expected")
+	}
 	request, err := isc.RequestFromBytes(binaryRequest)
 	if err != nil {
 		return nil, errors.New("error parsing request from payload")

diff --git a/tools/wasp-cli/chain/governance.go b/tools/wasp-cli/chain/governance.go
@@ -81,7 +81,7 @@ func initDisableFeePolicyCmd() *cobra.Command {
 	var chain string
 
 	cmd := &cobra.Command{
-		Use:   "disable-gas-policy",
+		Use:   "disable-feepolicy",
 		Short: "set token charged by each gas to free.",
 		Run: func(cmd *cobra.Command, args []string) {
 			node = waspcmd.DefaultWaspNodeFallback(node)