From b1721c74f99e307f6c5320551d75e4636ab299ee Mon Sep 17 00:00:00 2001
From: dignifiedquire <me@dignifiedquire.com>
Date: Tue, 28 Jan 2025 11:47:08 +0100
Subject: [PATCH] fix: handle invalid input length when parsing a node id

This avoids a panic when calling `decode_mut` with an invalid input length.

Closes #3153
---
 iroh-base/src/key.rs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/iroh-base/src/key.rs b/iroh-base/src/key.rs
index 41781598e7..b1ce6f40ae 100644
--- a/iroh-base/src/key.rs
+++ b/iroh-base/src/key.rs
@@ -330,7 +330,12 @@ fn decode_base32_hex(s: &str) -> Result<[u8; 32], KeyParsingError> {
         // hex
         data_encoding::HEXLOWER.decode_mut(s.as_bytes(), &mut bytes)
     } else {
-        data_encoding::BASE32_NOPAD.decode_mut(s.to_ascii_uppercase().as_bytes(), &mut bytes)
+        let input = s.to_ascii_uppercase();
+        let input = input.as_bytes();
+        if data_encoding::BASE32_NOPAD.decode_len(input.len())? != bytes.len() {
+            return Err(KeyParsingError::DecodeInvalidLength);
+        }
+        data_encoding::BASE32_NOPAD.decode_mut(input, &mut bytes)
     };
     match res {
         Ok(len) => {
@@ -390,4 +395,10 @@ mod tests {
             key.public()
         );
     }
+
+    #[test]
+    fn test_regression_parse_node_id_panic() {
+        let not_a_node_id = "foobarbaz";
+        assert!(PublicKey::from_str(not_a_node_id).is_err());
+    }
 }