Fixes #169
Fixes https://github.com/tendermint/tendermint/issues/1322
The previous code was very trusting, assuming that
rational actors will use this code. However, Byzantine
actors don't care and in the case of the linked issue
negative lengths can be sent to this code unfettered
having been received from a peer.
This code is essentially just a sign change from `==` to `<=`
and we've gutted out that attack by being more defensive.
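
An added illustration of the `==` versus `<=` length check described above; it is not the code from this commit or from the Tendermint repository. The names `readMsg`, `frame` and `errBadLength` and the signed-varint framing are assumptions made for the example, and the peer input is constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

var errBadLength = errors.New("invalid length prefix")

// readMsg reads a signed-varint length prefix from a peer, then the body.
// strict=false keeps the `==` check; strict=true uses the `<=` check.
func readMsg(r *bufio.Reader, strict bool) (buf []byte, err error) {
	defer func() {
		if p := recover(); p != nil { // surface the crash as an error for the demo
			buf, err = nil, fmt.Errorf("panic: %v", p)
		}
	}()
	n, err := binary.ReadVarint(r)
	if err != nil {
		return nil, err
	}
	invalid := n == 0 // trusting: only a zero length is rejected
	if strict {
		invalid = n <= 0 // defensive: negative lengths are rejected too
	}
	if invalid {
		return nil, errBadLength
	}
	buf = make([]byte, n) // a negative n panics here at runtime
	_, err = io.ReadFull(r, buf)
	return buf, err
}

// frame builds a constructed peer message: signed varint length + payload.
func frame(n int64, payload []byte) *bufio.Reader {
	hdr := make([]byte, binary.MaxVarintLen64)
	hdr = hdr[:binary.PutVarint(hdr, n)]
	return bufio.NewReader(bytes.NewReader(append(hdr, payload...)))
}

func main() {
	for _, strict := range []bool{false, true} {
		_, err := readMsg(frame(-1, nil), strict)
		fmt.Printf("strict=%v len=-1 -> %v\n", strict, err)
	}
}
```

Without the `recover`, the panic in the trusting path would take down the goroutine handling the peer, and with it the process.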
Follow-up to feedback from #1286, this change simplifies the connection
handling in the SocketClient and makes the communication via TCP more
robust. It introduces the tcpTimeoutListener to encapsulate accept and
i/o timeout handling as well as connection keep-alive; this type could
likely be upgraded to handle more fine-grained tuning of the tcp stack
(linger, nodelay, etc.) according to the properties we desire. The same
methods should be applied to the RemoteSigner which will be overhauled
when the priv_val_server is fleshed out.
* require private key
* simplify connect logic
* break out conn upgrades to tcpTimeoutListener
* extend test coverage and simplify component setup
Fixes #212
Declare the purpose of the Less, Len, Swap methods
so that readers can see why they are defined.
Raised by an auditor in their report, as it looked like a security
concern but actually sort.Interface requires those methods implemented.
Noticed while investigating
https://github.com/tendermint/tendermint/issues/970
As reported by @zramsay, we'd get the warning
from tendermint/rpc/lib because we were passing in
scheme-less addresses, so by default use "tcp".
Also by default, "node" (nodeAddr) has been set to:
"tcp://localhost:46657"
instead of the bare:
"localhost:46657"
This change is just to clean up such warnings as
they spuriously would spook users for a package "lite"
that claims to be secure.