Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mostrod crashes if there is an error unwrapping a DM #394

Open
chebizarro opened this issue Nov 18, 2024 · 1 comment
Open

Mostrod crashes if there is an error unwrapping a DM #394

chebizarro opened this issue Nov 18, 2024 · 1 comment

Comments

@chebizarro
Copy link

Any sort of error when unwrapping a NIP44/59 gift-wrapped DM will cause the mostro daemon to crash. Eg

Error: NIP44: Json: invalid value: integer `-5138953035001`, expected u64 not found in payload

and

Error: NIP44: Json: malformed signature not found in payload

Were both fatal errors caused by a malformed date field in a gift wrapped event.

The main error that causes the crash is thrown here:

mostro/src/nip59.rs

Lines 79 to 82 in 8fd10f3

let seal = match Event::from_json(seal) {
Ok(seal) => seal,
Err(e) => return Err(BuilderError::NIP44(nip44::Error::NotFound(e.to_string()))),
};

Which doesn't seem to be handled by the calling function here:

let event = unwrap_gift_wrap(&my_keys, &event)?;

Nostr events that are malformed are normally rejected by relays, but the contents of a Gift Wrapped DM can only be read by the recipient and therefore need to be treated with extra care when deserializing. A production server should be able to gracefully recover from this kind of error without crashing.

@arkanoider
Copy link
Collaborator

Hi @chebizarro , we are planning to change all the custom logic with the official SDK logic, we yet did in mostro-cli. We will keep an eye on this and in case we will ask you to retest after the new release of mostro which is quite big.
Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants