From 5ccf474d8d67193363d94911f40cbe0a8dc77f85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20K=C3=B6cher?= <bkchr@users.noreply.github.com>
Date: Sat, 30 Nov 2019 23:20:23 +0100
Subject: [PATCH] Check filename length is valid in keystore (#4255)

---
 substrate/client/keystore/src/lib.rs | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/substrate/client/keystore/src/lib.rs b/substrate/client/keystore/src/lib.rs
index 3c1dffbb81b..36cbcb57864 100644
--- a/substrate/client/keystore/src/lib.rs
+++ b/substrate/client/keystore/src/lib.rs
@@ -226,7 +226,7 @@ impl Store {
 			// skip directories and non-unicode file names (hex is unicode)
 			if let Some(name) = path.file_name().and_then(|n| n.to_str()) {
 				match hex::decode(name) {
-					Ok(ref hex) => {
+					Ok(ref hex) if hex.len() > 4 => {
 						if &hex[0..4] != &key_type.0 { continue	}
 						let public = TPublic::from_slice(&hex[4..]);
 						public_keys.push(public);
@@ -422,4 +422,17 @@ mod tests {
 
 		assert_eq!(key_pair.public(), store_key_pair.public());
 	}
+
+	#[test]
+	fn store_ignores_files_with_invalid_name() {
+		let temp_dir = TempDir::new().unwrap();
+		let store = Store::open(temp_dir.path(), None).unwrap();
+
+		let file_name = temp_dir.path().join(hex::encode(&SR25519.0[..2]));
+		fs::write(file_name, "test").expect("Invalid file is written");
+
+		assert!(
+			store.read().public_keys_by_type::<sr25519::AppPublic>(SR25519).unwrap().is_empty(),
+		);
+	}
 }
-- 
GitLab