diff --git a/src/pipeline.ts b/src/pipeline.ts index 092dde9..9aa16fd 100644 --- a/src/pipeline.ts +++ b/src/pipeline.ts @@ -32,6 +32,9 @@ async function handleEvent(event: DittoEvent, signal: AbortSignal): Promise= 2_147_483_647) { throw new RelayError('blocked', 'event too far in the future'); } + if (event.kind >= 2_147_483_647) { + throw new RelayError('blocked', 'event kind too large'); + } if (!(await verifyEventWorker(event))) return; if (encounterEvent(event)) return; debug(`NostrEvent<${event.kind}> ${event.id}`); diff --git a/src/storages/EventsDB.ts b/src/storages/EventsDB.ts index 1c52f40..0f7d080 100644 --- a/src/storages/EventsDB.ts +++ b/src/storages/EventsDB.ts @@ -93,6 +93,20 @@ class EventsDB implements NStore { async query(filters: NostrFilter[], opts: { signal?: AbortSignal; limit?: number } = {}): Promise { filters = await this.expandFilters(filters); + for (const filter of filters) { + if (filter.since && filter.since >= 2_147_483_647) { + throw new Error('since filter too far into the future'); + } + if (filter.until && filter.until >= 2_147_483_647) { + throw new Error('until filter too far into the future'); + } + for (const kind of filter.kinds ?? []) { + if (kind >= 2_147_483_647) { + throw new Error('kind filter too far into the future'); + } + } + } + if (opts.signal?.aborted) return Promise.resolve([]); if (!filters.length) return Promise.resolve([]);