From 6f72e8c06c3bed44d90b2eea1c70c4c1f6ac66cc Mon Sep 17 00:00:00 2001
From: Kevin Froman <beardog@firemail.cc>
Date: Sun, 4 Nov 2018 17:01:58 -0600
Subject: [PATCH] better address validation and removed dependency

---
 onionr/onionrblacklist.py                      | 11 ++++++-----
 onionr/onionrutils.py                          |  6 ++++++
 onionr/static-data/default-plugins/pms/main.py |  1 -
 requirements.txt                               |  1 -
 4 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/onionr/onionrblacklist.py b/onionr/onionrblacklist.py
index f87ccd65..1d7e83f7 100644
--- a/onionr/onionrblacklist.py
+++ b/onionr/onionrblacklist.py
@@ -32,7 +32,8 @@ class OnionrBlackList:
         retData = False
         if not hashed.isalnum():
             raise Exception("Hashed data is not alpha numeric")
-
+        if len(hashed) > 64:
+            raise Exception("Hashed data is too large")
         for i in self._dbExecute("select * from blacklist where hash='%s'" % (hashed,)):
             retData = True # this only executes if an entry is present by that hash
             break
@@ -95,9 +96,8 @@ class OnionrBlackList:
         '''
         # we hash the data so we can remove data entirely from our node's disk
         hashed = self._core._utils.bytesToStr(self._core._crypto.sha3Hash(data))
-
-        if self.inBlacklist(hashed):
-            return
+        if len(hashed) > 64:
+            raise Exception("Hashed data is too large")
 
         if not hashed.isalnum():
             raise Exception("Hashed data is not alpha numeric")
@@ -109,7 +109,8 @@ class OnionrBlackList:
             int(expire)
         except ValueError:
             raise Exception("expire is not int")
-        #TODO check for length sanity
+        if self.inBlacklist(hashed):
+            return
         insert = (hashed,)
         blacklistDate = self._core._utils.getEpoch()
         self._dbExecute("insert into blacklist (hash, dataType, blacklistDate, expire) VALUES('%s', %s, %s, %s);" % (hashed, dataType, blacklistDate, expire))
diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py
index f102a3a1..3bab70b0 100644
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@@ -483,6 +483,12 @@ class OnionrUtils:
                         retVal = False
                 if not idNoDomain.isalnum():
                     retVal = False
+                
+                # Validate address is valid base32 (when capitalized and minus extension); v2/v3 onions and .b32.i2p use base32
+                try:
+                    base64.b32decode(idNoDomain.upper().encode())
+                except binascii.Error:
+                    retVal = False
 
             return retVal
         except:
diff --git a/onionr/static-data/default-plugins/pms/main.py b/onionr/static-data/default-plugins/pms/main.py
index 981979ee..6e7dda24 100644
--- a/onionr/static-data/default-plugins/pms/main.py
+++ b/onionr/static-data/default-plugins/pms/main.py
@@ -60,7 +60,6 @@ class MailStrings:
 class OnionrMail:
     def __init__(self, pluginapi):
         self.myCore = pluginapi.get_core()
-        #self.dataFolder = pluginapi.get_data_folder()
         self.strings = MailStrings(self)
 
         self.sentboxTools = sentboxdb.SentBox(self.myCore)
diff --git a/requirements.txt b/requirements.txt
index 754a0da9..2375324d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,4 +7,3 @@ defusedxml==0.5.0
 Flask==1.0.2
 PySocks==1.6.8
 stem==1.6.0
-ntfy==2.6.0