state_foreign_set doesn't check args size

[tequdev]

chook implementation (check part)

xahaud/src/ripple/app/hook/impl/applyHook.cpp

Lines 2185 to 2189 in eec61f1

	if (kread_len > 32)
	return TOO_BIG;
	if (kread_len < 1)
	return TOO_SMALL;

jshook implementation

xahaud/src/ripple/app/hook/impl/applyHook.cpp

Lines 2242 to 2302 in eec61f1

	DEFINE_JS_FUNCTION(
	JSValue,
	state_foreign_set,
	JSValue raw_val,
	JSValue raw_key,
	JSValue raw_ns,
	JSValue raw_acc)
	{
	JS_HOOK_SETUP();
	auto val = FromJSIntArrayOrHexString(ctx, raw_val, hook::maxHookStateDataSize());
	auto key_in = FromJSIntArrayOrHexString(ctx, raw_key, 32);
	auto ns_in = FromJSIntArrayOrHexString(ctx, raw_ns, 32);
	auto acc_in = FromJSIntArrayOrHexString(ctx, raw_acc, 20);
	// if (!val.has_value() && !JS_IsUndefined(raw_val))
	// returnJS(INVALID_ARGUMENT);
	// if (!ns_in.has_value() && !JS_IsUndefined(raw_ns))
	// returnJS(INVALID_ARGUMENT);
	// if (!acc_in.has_value() && !JS_IsUndefined(raw_acc))
	// returnJS(INVALID_ARGUMENT);
	// val may be populated and empty, this is a delete operation...
	if (!key_in.has_value() || key_in->empty())
	returnJS(INVALID_ARGUMENT);
	if (ns_in.has_value() && ns_in->size() != 32)
	returnJS(INVALID_ARGUMENT);
	if (acc_in.has_value() && acc_in->size() != 20)
	returnJS(INVALID_ARGUMENT);
	uint256 ns = ns_in.has_value()
	? uint256::fromVoid(ns_in->data())
	: hookCtx.result.hookNamespace;
	AccountID acc = acc_in.has_value()
	? AccountID::fromVoid(acc_in->data())
	: hookCtx.result.account;
	auto key = make_state_key(
	std::string_view{(const char*)(key_in->data()), key_in->size()});
	auto const sleAccount = view.peek(hookCtx.result.accountKeylet);
	if (!sleAccount)
	returnJS(tefINTERNAL);
	if (!key)
	returnJS(INTERNAL_ERROR);
	ripple::Blob data;
	if (val.has_value())
	data = ripple::Blob(val->data(), val->data() + val->size());
	returnJS(__state_foreign_set(hookCtx, applyCtx, j, data, *key, ns, acc));
	JS_HOOK_TEARDOWN();
	}