[codex] harden Python submit wrapper against malformed inputs #30

Open
mmaker wants to merge 11 commits into main from codex/fix-py-submit-input-panics
mmaker (Collaborator) commented Mar 31, 2026

What changed

This PR now combines the original malformed-submit hardening with the emission-date arithmetic fix.

Specifically, it:

  • reports malformed handle_submit_request inputs as typed deserialization errors instead of panicking
  • validates decoded nym length and range-list shape before indexing
  • replaces unchecked emission_date - 30 and emission_date + 1 arithmetic with checked handling

Why

The Python submit wrapper previously had multiple bad-input failure modes: malformed external input could panic in the submit handler, and edge-case emission dates could underflow or overflow while constructing the allowed age range.

Impact

The wrapper now fails closed on malformed submit inputs and impossible emission dates instead of crashing or wrapping arithmetic.

Validation

  • cargo test -p ooniauth_py test_handle_submit_request_rejects_short_ --manifest-path /tmp/codex-bugfixes/userauth-py-panics/Cargo.toml
  • cargo test -p ooniauth_py test_make_submit_request_rejects_date_overflow --manifest-path /tmp/codex-bugfixes/userauth-py-panics/Cargo.toml
  • cargo test -p ooniauth_py test_basic_usage --manifest-path /tmp/codex-bugfixes/userauth-py-panics/Cargo.toml
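
A minimal Rust sketch of the three hardening steps listed in the description above, added here as an illustration and not taken from the ooniauth_py code in this PR. The `u32` date type, the 32-byte nym length, and all function and error names are assumptions.

```rust
// Added illustration; not the PR's code. Types, names and NYM_LEN are assumptions.
#[derive(Debug, PartialEq)]
enum SubmitError {
    /// Malformed external input, reported instead of panicking.
    Deserialization(&'static str),
    /// emission_date - 30 or emission_date + 1 does not fit the integer type.
    DateOutOfRange,
}

const NYM_LEN: usize = 32; // assumed nym length in bytes

/// Allowed age range [emission_date - 30, emission_date + 1], failing closed
/// on underflow or overflow instead of wrapping (release) or panicking (debug).
fn age_range(emission_date: u32) -> Result<(u32, u32), SubmitError> {
    let lo = emission_date.checked_sub(30).ok_or(SubmitError::DateOutOfRange)?;
    let hi = emission_date.checked_add(1).ok_or(SubmitError::DateOutOfRange)?;
    Ok((lo, hi))
}

/// Check the decoded nym length before copying into a fixed-size array.
fn parse_nym(decoded: &[u8]) -> Result<[u8; NYM_LEN], SubmitError> {
    if decoded.len() != NYM_LEN {
        return Err(SubmitError::Deserialization("nym has wrong length"));
    }
    let mut nym = [0u8; NYM_LEN];
    nym.copy_from_slice(decoded);
    Ok(nym)
}

/// Match on the slice shape rather than indexing list[0] and list[1].
fn parse_range(list: &[u32]) -> Result<(u32, u32), SubmitError> {
    match list {
        [lo, hi] => Ok((*lo, *hi)),
        _ => Err(SubmitError::Deserialization("range must be [min, max]")),
    }
}

fn main() {
    // Constructed inputs covering the normal case and each failure mode.
    println!("{:?}", age_range(20_000));
    println!("{:?}", age_range(7));
    println!("{:?}", age_range(u32::MAX));
    println!("{:?}", parse_nym(&[0u8; 5]).map(|n| n.len()));
    println!("{:?}", parse_range(&[1]));
}
```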

@mmaker mmaker marked this pull request as ready for review March 31, 2026 00:57
@mmaker mmaker requested a review from LDiazN March 31, 2026 01:03
@mmaker mmaker changed the title [codex] fix Python submit wrapper panics on malformed inputs [codex] harden Python submit wrapper against malformed inputs Mar 31, 2026
[codex] fix emission-date overflow in Python submit wrapper
LDiazN (Contributor) left a comment

LGTM, remember to edit the library version before merging, see:

version = "0.1.2"

0.1.3 should be good

Comment thread ooniauth-py/src/protocol.rs

LDiazN (Contributor) commented Apr 17, 2026

After our discussion in Slack, I also set the upper bound of the measurement count range to be fixed to u32::MAX
