From f67f39a3eb5ec0ce0ad2a3d74deab820a927f212 Mon Sep 17 00:00:00 2001
From: Jeromy <why@ipfs.io>
Date: Tue, 5 Jul 2016 13:24:13 -0700
Subject: [PATCH] better checking of dht keys

License: MIT
Signed-off-by: Jeromy <why@ipfs.io>
---
 routing/record/validation.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/routing/record/validation.go b/routing/record/validation.go
index 16bf60090c80..b9b49b73d2e8 100644
--- a/routing/record/validation.go
+++ b/routing/record/validation.go
@@ -3,10 +3,12 @@ package record
 import (
 	"bytes"
 	"errors"
+	"fmt"
 
 	key "github.com/ipfs/go-ipfs/blocks/key"
 	path "github.com/ipfs/go-ipfs/path"
 	pb "github.com/ipfs/go-ipfs/routing/dht/pb"
+	mh "github.com/jbenet/go-multihash"
 	ci "gx/ipfs/QmUWER4r4qMvaCnX5zREcfyiWN7cXN9g3a7fkRqNz8qWPP/go-libp2p-crypto"
 	u "gx/ipfs/QmZNVWh8LLjAavuQ2JXuFmuYH3C11xo988vSgp7UQrTRj1/go-ipfs-util"
 )
@@ -73,7 +75,7 @@ func (v Validator) IsSigned(k key.Key) (bool, error) {
 // verifies that the passed in record value is the PublicKey
 // that matches the passed in key.
 func ValidatePublicKeyRecord(k key.Key, val []byte) error {
-	if len(k) != 38 {
+	if len(k) < 5 {
 		return errors.New("invalid public key record key")
 	}
 
@@ -83,6 +85,9 @@ func ValidatePublicKeyRecord(k key.Key, val []byte) error {
 	}
 
 	keyhash := []byte(k[4:])
+	if _, err := mh.Cast(keyhash); err != nil {
+		return fmt.Errorf("key did not contain valid multihash: %s", err)
+	}
 
 	pkh := u.Hash(val)
 	if !bytes.Equal(keyhash, pkh) {