From 6965fa60f743d911ee106b542cec80a1417266b1 Mon Sep 17 00:00:00 2001 From: Volodymyr Kravets Date: Fri, 25 Aug 2023 11:52:15 +0300 Subject: [PATCH 1/4] Improved rlp parsing --- .../src/main/java/org/ethereum/util/RLP.java | 8 ++++++++ rskj-core/src/test/java/co/rsk/util/RLPTest.java | 15 ++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/rskj-core/src/main/java/org/ethereum/util/RLP.java b/rskj-core/src/main/java/org/ethereum/util/RLP.java index a842162aec8..a397751df88 100644 --- a/rskj-core/src/main/java/org/ethereum/util/RLP.java +++ b/rskj-core/src/main/java/org/ethereum/util/RLP.java @@ -433,6 +433,10 @@ private static Pair decodeElement(byte[] msgData, int posit offset = 1 + nbytes; } + if (Long.compareUnsigned(length, Integer.MAX_VALUE) > 0) { + throw new RLPException("The current implementation doesn't support lengths longer than Integer.MAX_VALUE because that is the largest number of elements an array can have"); + } + if (position + length > msgData.length) { throw new RLPException("The RLP byte array doesn't have enough space to hold an element with the specified length"); } @@ -492,6 +496,10 @@ private static int bytesToLength(byte[] bytes, int position, int size) { length += bytes[position + k] & 0xff; } + if (length < 0) { + throw new RLPException("The length of the RLP item can't be negative"); + } + return length; } diff --git a/rskj-core/src/test/java/co/rsk/util/RLPTest.java b/rskj-core/src/test/java/co/rsk/util/RLPTest.java index ee6ca31b6f0..a2bdf5e4b91 100644 --- a/rskj-core/src/test/java/co/rsk/util/RLPTest.java +++ b/rskj-core/src/test/java/co/rsk/util/RLPTest.java 
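Review bot: The bounds check that follows the new guard in decodeElement, `if (position + length > msgData.length)`, still adds two ints, so with a non-zero `position` and a `length` close to Integer.MAX_VALUE the sum can wrap negative and pass. The added `Long.compareUnsigned` guard only rejects a `length` that is already out of range (assuming `length` is an int here; its declaration is outside the hunk). Writing the comparison without the addition closes the gap: `if (length > msgData.length - position)`. The function starts and ends outside this hunk, so any similar check in its other length branch deserves the same look.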
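Review bot: The added `if (length < 0)` in bytesToLength only catches a result whose top bit ends up set. If `size` can be larger than 4, the leading bytes are presumably shifted out of the int accumulator and an oversized length comes back as a small non-negative value. The start of the loop and any bound on `size` are outside the hunk, so confirm whether that case is reachable. Accumulating into a `long` and rejecting the value inside the loop covers both cases with one check, for example `if (acc > Integer.MAX_VALUE) { throw new RLPException("The length of the RLP item can't be negative"); }`.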
@@ -977,7 +977,7 @@ void lengthOfLengthOfMaxIntegerDoesntOverflow() { void lengthOfLengthGreaterThanMaxIntegerOverflows() { try { // Integer.MAX_VALUE + 1 - byte[] encoded = new byte[] { (byte)(183 + 4), (byte)0x80, (byte)0xff, (byte)0xff, (byte)0xff }; + byte[] encoded = new byte[] { (byte)(192 + 55 + 4), (byte)0x7F, (byte)0xff, (byte)0xff, (byte)0xff }; RLP.decodeBigInteger(encoded, 0); Assertions.fail(); } @@ -986,6 +986,19 @@ void lengthOfLengthGreaterThanMaxIntegerOverflows() { } } + @Test + void lengthOfLengthLessThanZero() { + try { + // Integer.MAX_VALUE + 1 + byte[] encoded = new byte[] { (byte)(183 + 4), (byte)0x80, (byte)0xff, (byte)0xff, (byte)0xff }; + RLP.decodeBigInteger(encoded, 0); + Assertions.fail(); + } + catch (RLPException ex) { + Assertions.assertEquals("The length of the RLP item can't be negative", ex.getMessage()); + } + } + @Test void encodeDecodeInteger() { for (int k = 0; k < 2048; k++) { From f04cf53a39c3a3191c5084039d029a43cd879e9f Mon Sep 17 00:00:00 2001 From: Volodymyr Kravets Date: Fri, 25 Aug 2023 12:05:35 +0300 Subject: [PATCH 2/4] Changed modifier to RC for v5.2.0 --- rskj-core/src/main/resources/version.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rskj-core/src/main/resources/version.properties b/rskj-core/src/main/resources/version.properties index c7e55da15d6..04f699d55dc 100644 --- a/rskj-core/src/main/resources/version.properties +++ b/rskj-core/src/main/resources/version.properties @@ -1,2 +1,2 @@ versionNumber='5.2.0' -modifier="SNAPSHOT" +modifier="RC" From 3a0eeecc0a3b865423367653fc5c0c3d07bb824b Mon Sep 17 00:00:00 2001 From: Volodymyr Kravets Date: Tue, 5 Sep 2023 14:24:36 +0300 Subject: [PATCH 3/4] Changed modifier to FINGERROOT for v5.2.0 --- rskj-core/src/main/resources/version.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
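Review bot: The comment `// Integer.MAX_VALUE + 1` in lengthOfLengthGreaterThanMaxIntegerOverflows no longer describes the input. The four length bytes are now `0x7F 0xff 0xff 0xff`, which is exactly Integer.MAX_VALUE, behind a list prefix, so the overflow presumably comes from adding the header size. Something like `// list prefix, 4-byte length = Integer.MAX_VALUE; adding the header size overflows int` would match. The new lengthOfLengthLessThanZero test copies the same comment onto `0x80 0xff 0xff 0xff`, which is not MAX_VALUE + 1 either; `// 4-byte length with the top bit set, negative when read as an int` states what it exercises. Both tests could also use `Assertions.assertThrows(RLPException.class, ...)` and assert on the returned exception's message instead of the try / `Assertions.fail()` / catch pattern.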
diff --git a/rskj-core/src/main/resources/version.properties b/rskj-core/src/main/resources/version.properties index 04f699d55dc..b2aaac16c5a 100644 --- a/rskj-core/src/main/resources/version.properties +++ b/rskj-core/src/main/resources/version.properties @@ -1,2 +1,2 @@ versionNumber='5.2.0' -modifier="RC" +modifier="FINGERROOT" From 14ab140e7e6a238a507c81a3c0fae457a73b7abf Mon Sep 17 00:00:00 2001 From: Volodymyr Kravets Date: Wed, 6 Sep 2023 14:37:10 +0300 Subject: [PATCH 4/4] Disabling sonar complaint --- rskj-core/src/main/java/org/ethereum/util/RLP.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rskj-core/src/main/java/org/ethereum/util/RLP.java b/rskj-core/src/main/java/org/ethereum/util/RLP.java index a397751df88..23b4ea69820 100644 --- a/rskj-core/src/main/java/org/ethereum/util/RLP.java +++ b/rskj-core/src/main/java/org/ethereum/util/RLP.java @@ -416,7 +416,7 @@ public static RLPElement decodeFirstElement(@CheckForNull byte[] msgData, int po return decodeElement(msgData, position).getKey(); } - private static Pair decodeElement(byte[] msgData, int position) { + private static Pair decodeElement(byte[] msgData, int position) { // NOSONAR int b0 = msgData[position] & 0xff; if (b0 >= 192) {
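Review bot: The bare `// NOSONAR` on the decodeElement signature silences every Sonar rule on that line without saying which finding was accepted or why. On a decoder that handles untrusted bytes, that can hide a later, unrelated finding on the same line. Record the rule and the reason next to the marker, for example `// NOSONAR <rule-key>: <reason the finding is accepted>`, or use a rule-scoped `@SuppressWarnings` if the project's Sonar setup honours it. The body of decodeElement continues outside this hunk.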