Merge v0.21.1 (#203)

* Make `ClientType` allow any string value (#189) * ClientType now wraps a str * Make ClientType accept any string * doctest * changelog * use client_type() fn instead of constant * use client_type() for mock * release v0.21.0 (#192) * release v0.21.0 * version bumped to 0.21.0 * contributing edit * Update .changelog/v0.21.0/summary.md Co-authored-by: Romain Ruetschi <romain@informal.systems> Signed-off-by: Philippe Laferrière <plafer@protonmail.com> * Update CHANGELOG.md Co-authored-by: Romain Ruetschi <romain@informal.systems> Signed-off-by: Philippe Laferrière <plafer@protonmail.com> Signed-off-by: Philippe Laferrière <plafer@protonmail.com> Co-authored-by: Romain Ruetschi <romain@informal.systems> * Packet data must not be assumed to be valid UTF-8 (#200) * Add failing test * fix the bug * changelog * fmt * Reword a couple messages Signed-off-by: Romain Ruetschi <romain.ruetschi@gmail.com> Co-authored-by: Romain Ruetschi <romain@informal.systems> * Release v0.21.1 (#202) * release v0.21.1 * bump to version 0.21.1 Signed-off-by: Philippe Laferrière <plafer@protonmail.com> Signed-off-by: Romain Ruetschi <romain.ruetschi@gmail.com> Co-authored-by: Romain Ruetschi <romain@informal.systems>
cosmos · Oct 27, 2022 · 17df822 · 17df822
1 parent fa89bc2
commit 17df822
Show file tree

Hide file tree

Showing 8 changed files with 46 additions and 4 deletions.
diff --git a/.changelog/v0.21.1/bug-fixes/199-non-utf8-packet-data.md b/.changelog/v0.21.1/bug-fixes/199-non-utf8-packet-data.md
@@ -0,0 +1,2 @@
+- No longer panic when packet data is not valid UTF-8
+  ([#199](https://github.com/cosmos/ibc-rs/issues/199))
diff --git a/.changelog/v0.21.1/summary.md b/.changelog/v0.21.1/summary.md
@@ -0,0 +1 @@
+This release fixes a critical vulnerability. It is strongly advised to upgrade.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # CHANGELOG
 
+## v0.21.1
+
+*October 27, 2022*
+
+This release fixes a critical vulnerability. It is strongly advised to upgrade.
+
+### BUG FIXES
+
+- No longer panic when packet data is not valid UTF-8
+  ([#199](https://github.com/cosmos/ibc-rs/issues/199))
+
 ## v0.21.0
 
 *October 24, 2022*

diff --git a/crates/ibc/Cargo.toml b/crates/ibc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name         = "ibc"
-version      = "0.21.0"
+version      = "0.21.1"
 edition      = "2021"
 license      = "Apache-2.0"
 readme       = "README.md"

diff --git a/crates/ibc/src/core/ics04_channel/error.rs b/crates/ibc/src/core/ics04_channel/error.rs
@@ -83,6 +83,9 @@ define_error! {
         ZeroPacketData
             | _ | { "packet data bytes cannot be empty" },
 
+        NonUtf8PacketData
+            | _ | { "packet data bytes must be valid UTF-8 (this restriction will be lifted in the future)" },
+
         InvalidTimeoutHeight
             | _ | { "invalid timeout height for the packet" },
 

diff --git a/crates/ibc/src/core/ics04_channel/events.rs b/crates/ibc/src/core/ics04_channel/events.rs
@@ -91,8 +91,11 @@ impl TryFrom<Packet> for Vec<Tag> {
                 .unwrap(),
         };
         attributes.push(timeout_timestamp);
-        let val =
-            String::from_utf8(p.data).expect("hex-encoded string should always be valid UTF-8");
+
+        // Note: this attribute forces us to assume that Packet data is valid UTF-8, even
+        // though the standard doesn't require it. It has been deprecated in ibc-go,
+        // and we will deprecate it in v0.22.0. It will be removed in the future.
+        let val = String::from_utf8(p.data).map_err(|_| Error::non_utf8_packet_data())?;
         let packet_data = Tag {
             key: PKT_DATA_ATTRIBUTE_KEY.parse().unwrap(),
             value: val.parse().unwrap(),

diff --git a/crates/ibc/src/events.rs b/crates/ibc/src/events.rs
@@ -369,3 +369,25 @@ impl From<ModuleEventAttribute> for Tag {
         }
     }
 }
+
+#[cfg(test)]
+pub mod tests {
+    use super::*;
+    use alloc::vec;
+
+    use crate::core::ics04_channel::{
+        events::SendPacket,
+        packet::{test_utils::get_dummy_raw_packet, Packet},
+    };
+
+    #[test]
+    /// Ensures that we don't panic when packet data is not valid UTF-8.
+    /// See issue [#199](https://github.com/cosmos/ibc-rs/issues/199)
+    pub fn test_packet_data_non_utf8() {
+        let mut packet = Packet::try_from(get_dummy_raw_packet(1, 1)).unwrap();
+        packet.data = vec![128];
+
+        let ibc_event = IbcEvent::SendPacket(SendPacket { packet });
+        let _ = AbciEvent::try_from(ibc_event);
+    }
+}
diff --git a/crates/ibc/src/lib.rs b/crates/ibc/src/lib.rs
@@ -16,7 +16,7 @@
     rust_2018_idioms
 )]
 #![forbid(unsafe_code)]
-#![doc(html_root_url = "https://docs.rs/ibc/0.21.0")]
+#![doc(html_root_url = "https://docs.rs/ibc/0.21.1")]
 
 //! This library implements the InterBlockchain Communication (IBC) protocol in Rust. IBC is
 //! a distributed protocol that enables communication between distinct sovereign blockchains.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		- No longer panic when packet data is not valid UTF-8
		([#199](https://github.com/cosmos/ibc-rs/issues/199))
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		This release fixes a critical vulnerability. It is strongly advised to upgrade.