From d700c85eecb5bd82d5908cae1986991b57b1124d Mon Sep 17 00:00:00 2001
From: Hank Stoever <hstove@gmail.com>
Date: Mon, 8 Apr 2024 10:36:33 -0700
Subject: [PATCH] feat: limit length of chunks when signer reads from stackerdb

---
 libsigner/src/session.rs           | 12 +++++++++++-
 stackslib/src/net/stackerdb/mod.rs |  2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/libsigner/src/session.rs b/libsigner/src/session.rs
index 30966f897..044c1dd19 100644
--- a/libsigner/src/session.rs
+++ b/libsigner/src/session.rs
@@ -17,6 +17,7 @@
 use std::net::{SocketAddr, TcpStream};
 use std::str;
 
+use blockstack_lib::net::stackerdb::SIGNERS_STACKERDB_CHUNK_SIZE;
 use clarity::vm::types::QualifiedContractIdentifier;
 use libstackerdb::{
     stackerdb_get_chunk_path, stackerdb_get_metadata_path, stackerdb_post_chunk_path, SlotMetadata,
@@ -217,7 +218,16 @@ impl SignerSession for StackerDBSession {
         for slot_id in slot_ids.iter() {
             let path = stackerdb_get_chunk_path(self.stackerdb_contract_id.clone(), *slot_id, None);
             let chunk = match self.rpc_request("GET", &path, None, &[]) {
-                Ok(body_bytes) => Some(body_bytes),
+                Ok(body_bytes) => {
+                    // Verify that the chunk is not too large
+                    if body_bytes.len() > u32::MAX as usize {
+                        None
+                    } else if body_bytes.len() as u32 > SIGNERS_STACKERDB_CHUNK_SIZE {
+                        None
+                    } else {
+                        Some(body_bytes)
+                    }
+                }
                 Err(RPCError::HttpError(code)) => {
                     if code != 404 {
                         return Err(RPCError::HttpError(code));
diff --git a/stackslib/src/net/stackerdb/mod.rs b/stackslib/src/net/stackerdb/mod.rs
index 7a1b29b2e..aa6d0ceb4 100644
--- a/stackslib/src/net/stackerdb/mod.rs
+++ b/stackslib/src/net/stackerdb/mod.rs
@@ -148,6 +148,8 @@ pub const STACKERDB_INV_MAX: u32 = 4096;
 pub const STACKERDB_PAGE_LIST_MAX: u32 = 4096;
 /// maximum number of pages that can be used in a StackerDB contract
 pub const STACKERDB_MAX_PAGE_COUNT: u32 = 2;
+/// CHUNK_SIZE constant for signers StackerDBs
+pub const SIGNERS_STACKERDB_CHUNK_SIZE: u32 = 2 * 1024 * 1024; // 2MB
 
 pub const STACKERDB_SLOTS_FUNCTION: &str = "stackerdb-get-signer-slots";
 pub const STACKERDB_CONFIG_FUNCTION: &str = "stackerdb-get-config";