fix: verify content fetched from racing http gateways

n0-computer · Nov 19, 2022 · e281a4a · e281a4a
1 parent 2f0f4f4
commit e281a4a
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/iroh-resolver/src/content_loader.rs b/iroh-resolver/src/content_loader.rs
@@ -161,11 +161,21 @@ impl FullLoader {
     async fn fetch_gateway(&self, cid: &Cid) -> Result<Option<LoadedCid>> {
         match self.next_gateway().await {
             Some(url) => {
-                let data = reqwest::get(url.as_url(cid)).await?.bytes().await?;
-                Ok(Some(LoadedCid {
-                    data,
-                    source: Source::Http(url.as_string()),
-                }))
+                let response = reqwest::get(url.as_url(cid)).await?;
+                // Filter out non http 200 responses.
+                if !response.status().is_success() {
+                    return Err(anyhow!("unexpected http status"));
+                }
+                let data = response.bytes().await?;
+                // Make sure the content is not tampered with.
+                if iroh_util::verify_hash(cid, &data) == Some(true) {
+                    Ok(Some(LoadedCid {
+                        data,
+                        source: Source::Http(url.as_string()),
+                    }))
+                } else {
+                    Err(anyhow!("invalid CID hash"))
+                }
             }
             None => Ok(None),
         }