Skip to content

feat(pdp): enforce extraData size limits #807

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rvagg merged 5 commits into from
Dec 9, 2025
Merged

feat(pdp): enforce extraData size limits #807

rvagg merged 5 commits into from
Dec 9, 2025
+32 −0

Conversation

@siddharthbaleja7
Copy link

@siddharthbaleja7 siddharthbaleja7 commented Nov 18, 2025
edited
Loading

Description

This PR implements service-level validation for the extraData payload size in PDP (Proof of Data Possession) requests. Following the removal of the hard limit in the PDPVerifier contract (FilOzone/pdp#224), this logic is now enforced within Curio to prevent excessively large metadata payloads from being processed. I have verified these changes locally to ensure that the limits are enforced correctly and oversized payloads are rejected.

Fixes #713

Changes Proposed

1. Defined Size Limits

  • MaxCreateDataSetExtraDataSize: Set to 4KB (4096 bytes) for createDataSet.
  • MaxAddPiecesExtraDataSize: Set to 8KB (8192 bytes) for addPieces and createDataSetAndAddPieces.

2. Validation Logic (Fail Fast)

Implemented size checks in the following handlers:

  • handleCreateDataSet
  • handleCreateDataSetAndAddPieces
  • handleAddPieceToDataSet

Checklist

@siddharthbaleja7 siddharthbaleja7 requested a review from a team as a code owner November 18, 2025 13:13
@siddharthbaleja7
Copy link
Author

siddharthbaleja7 commented Nov 18, 2025

@rjan90 can you please review this PR?

1 similar comment
@siddharthbaleja7
Copy link
Author

siddharthbaleja7 commented Nov 19, 2025

@rjan90 can you please review this PR?

@rvagg
Copy link
Member

rvagg commented Dec 4, 2025

@siddharthbaleja7 this is fine, but can you do a couple of things here please also update handleDeleteDataSetPiece as well, it should have a limit of 256 bytes.

rvagg
rvagg reviewed Dec 4, 2025
View reviewed changes
pdp/handlers_create.go Outdated
Comment on lines 22 to 27
// MaxCreateDataSetExtraDataSize defines the service-level limit for extraData in CreateDataSet calls (4KB).
// Recommended in FilOzone/pdp#224.
MaxCreateDataSetExtraDataSize = 4096

// MaxAddPiecesExtraDataSize defines the service-level limit for extraData in AddPieces calls (8KB).
// Recommended in FilOzone/pdp#224.
Copy link
Member

@rvagg rvagg Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// MaxCreateDataSetExtraDataSize defines the service-level limit for extraData in CreateDataSet calls (4KB).
// Recommended in FilOzone/pdp#224.
MaxCreateDataSetExtraDataSize = 4096
// MaxAddPiecesExtraDataSize defines the service-level limit for extraData in AddPieces calls (8KB).
// Recommended in FilOzone/pdp#224.
// MaxCreateDataSetExtraDataSize defines the limit for extraData size in CreateDataSet calls (4KB).
MaxCreateDataSetExtraDataSize = 4096
// MaxAddPiecesExtraDataSize defines the limit for extraData size in AddPieces calls (8KB).

@rvagg rvagg changed the title feat(pdp): enforce extraData size limit at the service level feat(pdp): enforce extraData size limits Dec 4, 2025
@rvagg
Copy link
Member

rvagg commented Dec 4, 2025

Updating terminology here - this is not the "service level", that's in the contract, this is the "server". This doesn't strictly need to be done here, it's done in contract, but this is just a nice-to-have to prevent size blow-outs when dealing with alternative service contracts.

@rvagg
Copy link
Member

rvagg commented Dec 4, 2025

FWIW the actual service-level implementation is here: FilOzone/filecoin-services#313 - that's where you can see the limits at work in contracts

@siddharthbaleja7
Copy link
Author

siddharthbaleja7 commented Dec 4, 2025

@rvagg @rjan90 I have made the changes. I added the 256-byte limit to handleDeleteDataSetPiece and updated the comments to clarify the terminology as requested.

rvagg
rvagg reviewed Dec 5, 2025
View reviewed changes
pdp/handlers.go Outdated
http.Error(w, "Invalid extraData format (must be hex encoded)", http.StatusBadRequest)
return
}
if len(extraDataBytes) > 256 {
Copy link
Member

@rvagg rvagg Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs a constant like the other two please

but now they are spread across two files, how about you move the constants into this file, handlers.go, since it's the parent file of the set.

rvagg
rvagg reviewed Dec 5, 2025
View reviewed changes
pdp/handlers.go Outdated
return
}
if len(extraDataBytes) > MaxDeletePieceExtraDataSize {
http.Error(w, "extraData too long (max 256 bytes)", http.StatusBadRequest)
Copy link
Member

@rvagg rvagg Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you've not followed the same pattern here and hard-coded 256 into the msg, use fmt.Sprintf and get the constant to do the work like your other messages

rvagg
rvagg approved these changes Dec 9, 2025
View reviewed changes
Copy link
Member

@rvagg rvagg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

excellent, thanks

@rvagg rvagg merged commit 8081340 into filecoin-project:pdpv0 Dec 9, 2025
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rvagg rvagg rvagg approved these changes

Assignees

@siddharthbaleja7 siddharthbaleja7

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@siddharthbaleja7 @rvagg