diff --git a/blockservice/blockservice.go b/blockservice/blockservice.go index 3b9f203eb06..b40c6647341 100644 --- a/blockservice/blockservice.go +++ b/blockservice/blockservice.go @@ -251,15 +251,22 @@ func (s *blockService) GetBlocks(ctx context.Context, ks []*cid.Cid) <-chan bloc func getBlocks(ctx context.Context, ks []*cid.Cid, bs blockstore.Blockstore, f exchange.Fetcher) <-chan blocks.Block { out := make(chan blocks.Block) - for _, c := range ks { - // hash security - if err := verifcid.ValidateCid(c); err != nil { - log.Errorf("unsafe CID (%s) passed to blockService.GetBlocks: %s", c, err) - } - } go func() { defer close(out) + + k := 0 + for _, c := range ks { + // hash security + if err := verifcid.ValidateCid(c); err == nil { + ks[k] = c + k++ + } else { + log.Errorf("unsafe CID (%s) passed to blockService.GetBlocks: %s", c, err) + } + } + ks = ks[:k] + var misses []*cid.Cid for _, c := range ks { hit, err := bs.Get(c) diff --git a/test/sharness/t0275-cid-security-data/CIQG6PGTD2VV34S33BE4MNCQITBRFYUPYQLDXYARR3DQW37MOT7K5XI.data b/test/sharness/t0275-cid-security-data/CIQG6PGTD2VV34S33BE4MNCQITBRFYUPYQLDXYARR3DQW37MOT7K5XI.data new file mode 100644 index 00000000000..e834edb3889 --- /dev/null +++ b/test/sharness/t0275-cid-security-data/CIQG6PGTD2VV34S33BE4MNCQITBRFYUPYQLDXYARR3DQW37MOT7K5XI.data @@ -0,0 +1,3 @@ + +Ô +Um \ No newline at end of file diff --git a/test/sharness/t0275-cid-security.sh b/test/sharness/t0275-cid-security.sh index 318e3e43961..3da56261b14 100755 --- a/test/sharness/t0275-cid-security.sh +++ b/test/sharness/t0275-cid-security.sh @@ -71,6 +71,16 @@ test_gc test_launch_ipfs_daemon test_cat_get test_gc + +test_expect_success "add block linking to insecure" ' + mkdir -p "$IPFS_PATH/blocks/5X" && + cp -f "../t0275-cid-security-data/CIQG6PGTD2VV34S33BE4MNCQITBRFYUPYQLDXYARR3DQW37MOT7K5XI.data" "$IPFS_PATH/blocks/5X" +' + +test_expect_success "ipfs cat fails with code 1 and not timeout" ' + test_expect_code 1 go-timeout 1s ipfs cat QmVpsktzNeJdfWEpyeix93QJdQaBSgRNxebSbYSo9SQPGx +' + test_kill_ipfs_daemon test_done