oasisprotocol
diff --git a/‎.changelog/6547.trivial.md‎ b/‎.changelog/6547.trivial.md‎
diff --git a/‎go/storage/mkvs/syncer/proof.go‎
Lines changed: 11 additions & 5 deletions b/‎go/storage/mkvs/syncer/proof.go‎
Lines changed: 11 additions & 5 deletions
@@ -15,6 +15,9 @@ const (
 	MinimumProofVersion = 0
 	// LatestProofVersion is the latest supported proof version.
 	LatestProofVersion = 1
+
+	// maxProofDepth is the maximum depth of a proof.
+	maxProofDepth = 128
 )
 
 const (
@@ -313,7 +316,7 @@ func (pv *ProofVerifier) verifyProofOpts(ctx context.Context, root hash.Hash, pr
 	}
 
 	var res verifyResult
-	idx, rootPtr, err := pv.verifyProof(ctx, proof, 0, opts, &res)
+	idx, rootPtr, err := pv.verifyProof(ctx, proof, 0, 0, opts, &res)
 	if err != nil {
 		return nil, err
 	}
@@ -341,13 +344,16 @@ func (pv *ProofVerifier) verifyProofOpts(ctx context.Context, root hash.Hash, pr
 	return &res, nil
 }
 
-func (pv *ProofVerifier) verifyProof(ctx context.Context, proof *Proof, idx int, opts *verifyOpts, res *verifyResult) (int, *node.Pointer, error) {
+func (pv *ProofVerifier) verifyProof(ctx context.Context, proof *Proof, idx int, depth int, opts *verifyOpts, res *verifyResult) (int, *node.Pointer, error) {
 	if ctx.Err() != nil {
 		return -1, nil, ctx.Err()
 	}
 	if idx >= len(proof.Entries) {
 		return -1, nil, errors.New("verifier: malformed proof")
 	}
+	if depth > maxProofDepth {
+		return -1, nil, errors.New("verifier: max proof depth exceeded")
+	}
 
 	entry := proof.Entries[idx]
 	if entry == nil {
@@ -377,7 +383,7 @@ func (pv *ProofVerifier) verifyProof(ctx context.Context, proof *Proof, idx int,
 			case 1:
 				// In version 1, the leaf node is added separately, as a child.
 				// Leaf.
-				pos, nd.LeafNode, err = pv.verifyProof(ctx, proof, pos, opts, res)
+				pos, nd.LeafNode, err = pv.verifyProof(ctx, proof, pos, depth+1, opts, res)
 				if err != nil {
 					return -1, nil, err
 				}
@@ -387,12 +393,12 @@ func (pv *ProofVerifier) verifyProof(ctx context.Context, proof *Proof, idx int,
 			}
 
 			// Left.
-			pos, nd.Left, err = pv.verifyProof(ctx, proof, pos, opts, res)
+			pos, nd.Left, err = pv.verifyProof(ctx, proof, pos, depth+1, opts, res)
 			if err != nil {
 				return -1, nil, err
 			}
 			// Right.
-			pos, nd.Right, err = pv.verifyProof(ctx, proof, pos, opts, res)
+			pos, nd.Right, err = pv.verifyProof(ctx, proof, pos, depth+1, opts, res)
 			if err != nil {
 				return -1, nil, err
 			}
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,9 @@ const (`
`15`	`15`	`MinimumProofVersion = 0`
`16`	`16`	`// LatestProofVersion is the latest supported proof version.`
`17`	`17`	`LatestProofVersion = 1`
	`18`	`+`
	`19`	`+ // maxProofDepth is the maximum depth of a proof.`
	`20`	`+ maxProofDepth = 128`
`18`	`21`	`)`
`19`	`22`
`20`	`23`	`const (`
`@@ -313,7 +316,7 @@ func (pv *ProofVerifier) verifyProofOpts(ctx context.Context, root hash.Hash, pr`
`313`	`316`	`}`
`314`	`317`
`315`	`318`	`var res verifyResult`
`316`		`- idx, rootPtr, err := pv.verifyProof(ctx, proof, 0, opts, &res)`
	`319`	`+ idx, rootPtr, err := pv.verifyProof(ctx, proof, 0, 0, opts, &res)`
`317`	`320`	`if err != nil {`
`318`	`321`	`return nil, err`
`319`	`322`	`}`
`@@ -341,13 +344,16 @@ func (pv *ProofVerifier) verifyProofOpts(ctx context.Context, root hash.Hash, pr`
`341`	`344`	`return &res, nil`
`342`	`345`	`}`
`343`	`346`
`344`		`-func (pv ProofVerifier) verifyProof(ctx context.Context, proof Proof, idx int, opts verifyOpts, res verifyResult) (int, *node.Pointer, error) {`
	`347`	`+func (pv ProofVerifier) verifyProof(ctx context.Context, proof Proof, idx int, depth int, opts verifyOpts, res verifyResult) (int, *node.Pointer, error) {`
`345`	`348`	`if ctx.Err() != nil {`
`346`	`349`	`return -1, nil, ctx.Err()`
`347`	`350`	`}`
`348`	`351`	`if idx >= len(proof.Entries) {`
`349`	`352`	`return -1, nil, errors.New("verifier: malformed proof")`
`350`	`353`	`}`
	`354`	`+ if depth > maxProofDepth {`
	`355`	`+ return -1, nil, errors.New("verifier: max proof depth exceeded")`
	`356`	`+ }`
`351`	`357`
`352`	`358`	`entry := proof.Entries[idx]`
`353`	`359`	`if entry == nil {`
`@@ -377,7 +383,7 @@ func (pv ProofVerifier) verifyProof(ctx context.Context, proof Proof, idx int,`
`377`	`383`	`case 1:`
`378`	`384`	`// In version 1, the leaf node is added separately, as a child.`
`379`	`385`	`// Leaf.`
`380`		`- pos, nd.LeafNode, err = pv.verifyProof(ctx, proof, pos, opts, res)`
	`386`	`+ pos, nd.LeafNode, err = pv.verifyProof(ctx, proof, pos, depth+1, opts, res)`
`381`	`387`	`if err != nil {`
`382`	`388`	`return -1, nil, err`
`383`	`389`	`}`
`@@ -387,12 +393,12 @@ func (pv ProofVerifier) verifyProof(ctx context.Context, proof Proof, idx int,`
`387`	`393`	`}`
`388`	`394`
`389`	`395`	`// Left.`
`390`		`- pos, nd.Left, err = pv.verifyProof(ctx, proof, pos, opts, res)`
	`396`	`+ pos, nd.Left, err = pv.verifyProof(ctx, proof, pos, depth+1, opts, res)`
`391`	`397`	`if err != nil {`
`392`	`398`	`return -1, nil, err`
`393`	`399`	`}`
`394`	`400`	`// Right.`
`395`		`- pos, nd.Right, err = pv.verifyProof(ctx, proof, pos, opts, res)`
	`401`	`+ pos, nd.Right, err = pv.verifyProof(ctx, proof, pos, depth+1, opts, res)`
`396`	`402`	`if err != nil {`
`397`	`403`	`return -1, nil, err`
`398`	`404`	`}`