hypercore 10.20.1 → 10.20.2

package/lib/core.js

@@ -223,7 +223,7 @@ module.exports = class Core {
 
       this.tree.signature = signature || auth.sign(this.tree.signable())
 
-      if (signature && !this._signed(this.tree)) {
+      if (signature && !this._verifyBatch(this.tree)) {
         // TODO: how to handle signature failure?
         this.tree.signature = null
         throw INVALID_SIGNATURE('Clone was provided with an invalid signature')
@@ -423,17 +423,18 @@ module.exports = class Core {
     }
   }
 
-  _signed (batch, hash, auth = this.defaultAuth) {
+  _verifyBatch (batch) {
+    const hash = batch.hash()
     const signable = this._legacy ? batch.signableLegacy(hash) : batch.signable(hash)
-    return auth.verify(signable, batch.signature, batch)
-  }
+    const auth = this.defaultAuth
 
-  async _verifyExclusive ({ batch, bitfield, value, from }) {
-    // TODO: move this to tree.js
-    const hash = batch.hash()
-    if (!batch.signature || !this._signed(batch, hash)) {
+    if (!batch.signature || !auth.verify(signable, batch.signature, batch)) {
       throw INVALID_SIGNATURE('Proof contains an invalid signature')
     }
+  }
+
+  async _verifyExclusive ({ batch, bitfield, value, from }) {
+    this._verifyBatch(batch)
 
     await this._mutex.lock()
 
@@ -541,9 +542,7 @@ module.exports = class Core {
 
     const batch = this.tree.verifyFullyRemote(proof)
 
-    if (!batch.signature || !this._signed(batch, batch.hash())) {
-      throw INVALID_SIGNATURE('Proof contains an invalid signature with no input from us')
-    }
+    this._verifyBatch(batch)
 
     const remoteTreeHash = this.crypto.tree(proof.upgrade.nodes)
     const localTreeHash = this.crypto.tree(await this.tree.getRoots(proof.upgrade.length))
@@ -554,6 +553,14 @@ module.exports = class Core {
     return true
   }
 
+  async verifyReorg (proof) {
+    const batch = await this.tree.reorg(proof)
+
+    this._verifyBatch(batch)
+
+    return batch
+  }
+
   async verify (proof, from) {
     // We cannot apply "other forks" atm.
     // We should probably still try and they are likely super similar for non upgrades

package/lib/oplog.js

@@ -1,7 +1,7 @@
 const cenc = require('compact-encoding')
 const b4a = require('b4a')
 const { crc32 } = require('crc-universal')
-const { OPLOG_CORRUPT } = require('hypercore-errors')
+const { OPLOG_CORRUPT, OPLOG_HEADER_OVERFLOW } = require('hypercore-errors')
 
 module.exports = class Oplog {
   constructor (storage, { pageSize = 4096, headerEncoding = cenc.raw, entryEncoding = cenc.raw, readonly = false } = {}) {
@@ -155,6 +155,7 @@ module.exports = class Oplog {
     const bit = (this._headers[i] + 1) & 1
 
     this.headerEncoding.preencode(state, header)
+    if (state.end > this._pageSize) throw OPLOG_HEADER_OVERFLOW()
     state.buffer = b4a.allocUnsafe(state.end)
     this.headerEncoding.encode(state, header)
     this._addHeader(state, state.end - 8, bit, 0)

package/lib/replicator.js

@@ -1526,6 +1526,7 @@ module.exports = class Replicator {
   }
 
   async _onreorgdata (peer, req, data) {
+    const newBatch = data.upgrade && await this.core.verifyReorg(data)
     const f = this._addReorg(data.fork, peer)
 
     if (f === null) {
@@ -1538,7 +1539,7 @@ module.exports = class Replicator {
     if (f.batch) {
       await f.batch.update(data)
     } else if (data.upgrade) {
-      f.batch = await this.core.tree.reorg(data)
+      f.batch = newBatch
 
       // Remove "older" reorgs in progress as we just verified this one.
       this._clearOldReorgs(f.fork)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hypercore",
-  "version": "10.20.1",
+  "version": "10.20.2",
   "description": "Hypercore is a secure, distributed append-only log",
   "main": "index.js",
   "scripts": {
@@ -44,7 +44,7 @@
     "fast-fifo": "^1.3.0",
     "flat-tree": "^1.9.0",
     "hypercore-crypto": "^3.2.1",
-    "hypercore-errors": "^1.0.0",
+    "hypercore-errors": "^1.1.0",
     "is-options": "^1.0.1",
     "protomux": "^3.5.0",
     "quickbit-universal": "^2.1.1",