From 33d9c51b6fa09a9090c5919c9d570029167a65ca Mon Sep 17 00:00:00 2001
From: CalDescent <caldescent@protonmail.com>
Date: Sat, 19 Jun 2021 19:26:13 +0100
Subject: [PATCH] Validate supplied base58 string in /data/file/frompeer API
 endpoint

---
 .../java/org/qortal/api/resource/DataResource.java     | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/qortal/api/resource/DataResource.java b/src/main/java/org/qortal/api/resource/DataResource.java
index 639d5ed8..1ce23f56 100644
--- a/src/main/java/org/qortal/api/resource/DataResource.java
+++ b/src/main/java/org/qortal/api/resource/DataResource.java
@@ -179,7 +179,15 @@ public class DataResource {
 			if (dataFile.exists()) {
 				LOGGER.info("Data file {} already exists but we'll request it anyway", dataFile);
 			}
-			Message getDataFileMessage = new GetDataFileMessage(Base58.decode(base58Digest));
+
+			byte[] digest = null;
+			try {
+				digest = Base58.decode(base58Digest);
+			} catch (NumberFormatException e) {
+				LOGGER.info("Invalid base58 encoded string");
+				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
+			}
+			Message getDataFileMessage = new GetDataFileMessage(digest);
 
 			Message message = targetPeer.getResponse(getDataFileMessage);
 			if (message == null || message.getType() != Message.MessageType.DATA_FILE)