a collection of lightweight TypeScript packages for AT Protocol, the protocol powering Bluesky

fix(cbor): throw on non-canonical map encoding

fixes https://github.com/mary-ext/atcute/issues/40

Mary 827a34ad 04fca437

+18 -2
+5
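--- a/.changeset/great-stars-create.md
+++ b/.changeset/great-stars-create.md
@@ -0,0 +1,5 @@
+---
+'@atcute/cbor': patch
+---
+
+throw on non-canonical map encoding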
+13 -2
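--- a/packages/utilities/cbor/lib/decode.ts
+++ b/packages/utilities/cbor/lib/decode.ts
@@ -45,7 +45,7 @@
 break;
 }
 default: {
-throw new Error(`invalid argument encoding; got ${info}`);
+throw new Error(`invalid argument encoding; got ${info}`);
 }
 }
 return arg;
@@ -118,6 +118,10 @@
 const cid = fromBinary(state.b.subarray(state.p, (state.p += length)));
 
 return new CidLinkWrapper(cid.bytes);
+};
+
+const compareKeys = (a: string, b: string): number => {
+return a.length - b.length || (a < b ? -1 : a > b ? 1 : 0);
 };
 
 const decodeStringKey = (state: State): string => {
@@ -302,7 +306,14 @@
 
 if (stack.t === 0) {
 // Read the key of the next map item
-stack.k = decodeStringKey(state);
+const prevKey = stack.k;
+const nextKey = decodeStringKey(state);
+
+if (compareKeys(nextKey, prevKey) <= 0) {
+throw new TypeError(`map keys are not in canonical order or contain duplicates`);
+}
+
+stack.k = nextKey;
 }
 
 continue jump;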
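Review bot: `compareKeys` orders keys by JavaScript string length and UTF-16 code units, whereas canonical (DAG-)CBOR map order is, as far as I know, defined on the encoded key bytes, so the check at `compareKeys(nextKey, prevKey) <= 0` is only reliable for ASCII keys. For example, a map holding `ab` then `é` is canonical by bytes (both two bytes, 0x61 < 0xC3) but is rejected here because `'é'.length` is 1, while the reverse order is accepted; a canonical-form check on hashed or signed data exists to rule out exactly that kind of disagreement between decoders. Comparing the raw key bytes, as in the sketch below, avoids this, though it needs `decodeStringKey` (body outside this hunk) to expose the key's byte range and the stack to keep the previous key's bytes. Separately, the initial value of `stack.k` is not visible here: if it is `''`, a map whose first key is the empty string would be rejected as a duplicate, which seems worth a test.

```typescript
// … unchanged: CID link decoding above …
const compareKeyBytes = (a: Uint8Array, b: Uint8Array): number => {
	// length-first, then bytewise: the order is defined on the encoded key
	if (a.length !== b.length) {
		return a.length - b.length;
	}
	for (let i = 0; i < a.length; i++) {
		if (a[i] !== b[i]) {
			return a[i] - b[i];
		}
	}
	return 0;
};
// … unchanged: decodeStringKey; the map-key branch would pass key bytes instead of decoded strings …
```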