From 30d838411e338592b190f7b63ca1ff567f4608f6 Mon Sep 17 00:00:00 2001
From: tnasu
Date: Wed, 5 Oct 2022 18:58:48 +0900
Subject: [PATCH 1/6] Add `ReadFileWithSizeLimit` and use it on `x/wasm`
---
internal/os/file.go | 58 ++++++++++++++++++++++++++++++++++++++++
internal/os/file_test.go | 42 +++++++++++++++++++++++++++++
x/wasm/client/cli/tx.go | 7 ++---
3 files changed, 104 insertions(+), 3 deletions(-)
create mode 100644 internal/os/file.go
create mode 100644 internal/os/file_test.go
diff --git a/internal/os/file.go b/internal/os/file.go
new file mode 100644
index 0000000000..1a49f701c5
--- /dev/null
+++ b/internal/os/file.go
@@ -0,0 +1,58 @@
+package os
+
+import (
+ "fmt"
+ "io"
+ "os"
+)
+
+// ReadFileWithSizeLimit expanded os.ReadFile for checking the file size before reading it
+func ReadFileWithSizeLimit(name string, sizeLimit int64) ([]byte, error) {
+ f, err := os.Open(name)
+ if err != nil {
+ return nil, err
+ }
+ defer func() {
+ err := f.Close()
+ if err != nil {
+ fmt.Printf("Cannot close the file: %s\n", name)
+ }
+ }()
+
+ var size int
+ if info, err := f.Stat(); err == nil {
+ size64 := info.Size()
+ // Check the file size
+ if size64 > sizeLimit {
+ return nil, fmt.Errorf("the file is too large: %s, size limit over > %d", name, sizeLimit)
+ }
+ if int64(int(size64)) == size64 {
+ size = int(size64)
+ }
+ }
+ size++ // one byte for final read at EOF
+
+ // If a file claims a small size, read at least 512 bytes.
+ // In particular, files in Linux's /proc claim size 0 but
+ // then do not work right if read in small pieces,
+ // so an initial read of 1 byte would not work correctly.
+ if size < 512 {
+ size = 512
+ }
+
+ data := make([]byte, 0, size)
+ for {
+ if len(data) >= cap(data) {
+ d := append(data[:cap(data)], 0)
+ data = d[:len(data)]
+ }
+ n, err := f.Read(data[len(data):cap(data)])
+ data = data[:len(data)+n]
+ if err != nil {
+ if err == io.EOF {
+ err = nil
+ }
+ return data, err
+ }
+ }
+}
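Review bot: The limit in `ReadFileWithSizeLimit` is compared only against the size that `f.Stat()` reports, so the read loop after it is unbounded. When `Stat` returns an error the check is skipped silently, and a file that reports size 0 (the `/proc` case the comment itself mentions), a FIFO, or a file that grows after the check is read in full regardless of `sizeLimit`. Because the helper exists to cap memory use for a path supplied on the command line, the read itself should be capped, with the `Stat` comparison kept as an early rejection. The doc comment should also say that the limit is in bytes and that a file of exactly `sizeLimit` bytes is accepted.

```go
	// … unchanged: os.Open and the deferred Close …

	// Fast path: reject early when the reported size already exceeds the limit.
	if info, err := f.Stat(); err == nil && info.Size() > sizeLimit {
		return nil, fmt.Errorf("the file is too large: %s, size limit over > %d", name, sizeLimit)
	}

	// Cap the read itself; the size reported by Stat is only a snapshot.
	// Reading one byte past the limit distinguishes "exactly at the limit" from "over".
	// Assumes sizeLimit < math.MaxInt64.
	data, err := io.ReadAll(io.LimitReader(f, sizeLimit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > sizeLimit {
		return nil, fmt.Errorf("the file is too large: %s, size limit over > %d", name, sizeLimit)
	}
	return data, nil
```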
diff --git a/internal/os/file_test.go b/internal/os/file_test.go new file mode 100644 index 0000000000..cafe8fd8a4 --- /dev/null +++ b/internal/os/file_test.go @@ -0,0 +1,42 @@ +package os + +import ( + "os" + "reflect" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestReadFileWithSizeLimit(t *testing.T) { + filename := "file.go" + file, err := os.ReadFile(filename) + require.NoError(t, err) + + type args struct { + name string + sizeLimit int64 + } + tests := []struct { + name string + args args + want []byte + wantErr bool + }{ + {"cannot open error", args{"", 0}, nil, true}, + {"size limit over error", args{filename, 0}, nil, true}, + {"simple reading file success", args{filename, 100000}, file, false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := ReadFileWithSizeLimit(tt.args.name, tt.args.sizeLimit) + if (err != nil) != tt.wantErr { + t.Errorf("ReadFileWithSizeLimit() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("ReadFileWithSizeLimit() got = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/x/wasm/client/cli/tx.go b/x/wasm/client/cli/tx.go index a516236066..9ce8ca0117 100644 --- a/x/wasm/client/cli/tx.go +++ b/x/wasm/client/cli/tx.go @@ -3,9 +3,10 @@ package cli import ( "errors" "fmt" - "os" "strconv" + "github.com/line/lbm-sdk/internal/os" + "github.com/spf13/cobra" flag "github.com/spf13/pflag" @@ -82,7 +83,7 @@ func StoreCodeCmd() *cobra.Command { } func parseStoreCodeArgs(file string, sender sdk.AccAddress, flags *flag.FlagSet) (types.MsgStoreCode, error) { - wasm, err := os.ReadFile(file) + wasm, err := os.ReadFileWithSizeLimit(file, int64(types.MaxWasmSize)) if err != nil { return types.MsgStoreCode{}, err } 
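Review bot: The table in `TestReadFileWithSizeLimit` never exercises the boundary of the limit: the only rejecting case uses `sizeLimit` 0 and the accepting case uses 100000, so an off-by-one in the `size64 > sizeLimit` comparison would still pass. Adding `{"size equal to limit", args{filename, int64(len(file))}, file, false}` and `{"one byte over limit", args{filename, int64(len(file)) - 1}, nil, true}` pins the intended behaviour. The test also mixes `require` with hand-written `reflect.DeepEqual`/`t.Errorf` checks; `require.Equal(t, tt.want, got)` would keep it consistent with the `require.NoError` call at the top.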
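Review bot: Importing `github.com/line/lbm-sdk/internal/os` under its default name takes over the `os` identifier in tx.go, so `os.ReadFileWithSizeLimit` reads like a standard-library call and a later use of the real `os` package in this file would need its own alias. An explicit alias on the import line, for example `internalos "github.com/line/lbm-sdk/internal/os"`, or a package name that does not collide with the standard library, makes it obvious at the call sites in `parseStoreCodeArgs` and `parseStoreCodeAndInstantiateContractArgs` that the size-limited reader is project code. The same import is added to x/distribution/client/cli/utils.go in patch 5/6.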
@@ -264,7 +265,7 @@ func StoreCodeAndInstantiateContractCmd() *cobra.Command { } func parseStoreCodeAndInstantiateContractArgs(file string, initMsg string, sender sdk.AccAddress, flags *flag.FlagSet) (lbmtypes.MsgStoreCodeAndInstantiateContract, error) { - wasm, err := os.ReadFile(file) + wasm, err := os.ReadFileWithSizeLimit(file, int64(types.MaxWasmSize)) if err != nil { return lbmtypes.MsgStoreCodeAndInstantiateContract{}, err } From a2d5bdd9475ba32fbbda21cb1d7dc6fdd148b1bb Mon Sep 17 00:00:00 2001 From: tnasu Date: Wed, 5 Oct 2022 18:59:06 +0900 Subject: [PATCH 2/6] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77f3d32492..90b3598388 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -72,6 +72,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/wasm) [\#661](https://github.com/line/lbm-sdk/pull/661) x/wasm refactoring - detaching the custom wasm proto part of lbm-sdk. (apply changes of [\#625](https://github.com/line/lbm-sdk/pull/625) and [\#655](https://github.com/line/lbm-sdk/pull/655)) * (refactor) [\#685](https://github.com/line/lbm-sdk/pull/685) remove x/foundation UpdateValidatorAuthsProposal * (x/foundation) [\#686](https://github.com/line/lbm-sdk/pull/686) remove `Minthreshold` and `MinPercentage` from x/foundation config +* (x/wasm) [\#696](https://github.com/line/lbm-sdk/pull/696) x/wasm - add checking a wasm file size before reading it ### Bug Fixes * (x/wasm) [\#453](https://github.com/line/lbm-sdk/pull/453) modify wasm grpc query api path From 200df684987e354ae2c27f59330c4bfd7ef40fa6 Mon Sep 17 00:00:00 2001 From: tnasu Date: Thu, 6 Oct 2022 12:06:14 +0900 Subject: [PATCH 3/6] Refactor internal/os into x/wasm --- x/wasm/client/cli/tx.go | 2 +- {internal => x/wasm}/os/file.go | 0 {internal => x/wasm}/os/file_test.go | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename {internal => x/wasm}/os/file.go (100%) rename {internal => x/wasm}/os/file_test.go (100%) 
diff --git a/x/wasm/client/cli/tx.go b/x/wasm/client/cli/tx.go index 9ce8ca0117..31dd87d2ed 100644 --- a/x/wasm/client/cli/tx.go +++ b/x/wasm/client/cli/tx.go @@ -5,7 +5,7 @@ import ( "fmt" "strconv" - "github.com/line/lbm-sdk/internal/os" + "github.com/line/lbm-sdk/x/wasm/os" "github.com/spf13/cobra" flag "github.com/spf13/pflag" diff --git a/internal/os/file.go b/x/wasm/os/file.go similarity index 100% rename from internal/os/file.go rename to x/wasm/os/file.go diff --git a/internal/os/file_test.go b/x/wasm/os/file_test.go similarity index 100% rename from internal/os/file_test.go rename to x/wasm/os/file_test.go From 741d0a800314a5143a1b0ac2361d7913be24a9da Mon Sep 17 00:00:00 2001 From: tnasu Date: Fri, 7 Oct 2022 14:53:05 +0900 Subject: [PATCH 4/6] Revert "Refactor internal/os into x/wasm" This reverts commit 200df684987e354ae2c27f59330c4bfd7ef40fa6. --- {x/wasm => internal}/os/file.go | 0 {x/wasm => internal}/os/file_test.go | 0 x/wasm/client/cli/tx.go | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename {x/wasm => internal}/os/file.go (100%) rename {x/wasm => internal}/os/file_test.go (100%) diff --git a/x/wasm/os/file.go b/internal/os/file.go similarity index 100% rename from x/wasm/os/file.go rename to internal/os/file.go diff --git a/x/wasm/os/file_test.go b/internal/os/file_test.go similarity index 100% rename from x/wasm/os/file_test.go rename to internal/os/file_test.go diff --git a/x/wasm/client/cli/tx.go b/x/wasm/client/cli/tx.go index 31dd87d2ed..9ce8ca0117 100644 --- a/x/wasm/client/cli/tx.go +++ b/x/wasm/client/cli/tx.go @@ -5,7 +5,7 @@ import ( "fmt" "strconv" - "github.com/line/lbm-sdk/x/wasm/os" + "github.com/line/lbm-sdk/internal/os" "github.com/spf13/cobra" flag "github.com/spf13/pflag" From 7b4bb6eb543aaa784466ab11c0004a05e6ecde23 Mon Sep 17 00:00:00 2001 
From: tnasu Date: Fri, 7 Oct 2022 18:10:45 +0900 Subject: [PATCH 5/6] Use `ReadFileWithSizeLimit` on `x/distribution` --- CHANGELOG.md | 1 + x/distribution/client/cli/utils.go | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fc787270b7..cf27fb0f96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -74,6 +74,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/foundation) [\#686](https://github.com/line/lbm-sdk/pull/686) remove `Minthreshold` and `MinPercentage` from x/foundation config * (x/foundation) [\#693](https://github.com/line/lbm-sdk/pull/693) add pool to the state of x/foundation * (x/wasm) [\#696](https://github.com/line/lbm-sdk/pull/696) x/wasm - add checking a wasm file size before reading it +* (x/distribution) [\#696](https://github.com/line/lbm-sdk/pull/696) x/distribution - add checking a proposal file size before reading it ### Bug Fixes * (x/wasm) [\#453](https://github.com/line/lbm-sdk/pull/453) modify wasm grpc query api path diff --git a/x/distribution/client/cli/utils.go b/x/distribution/client/cli/utils.go index d63702dacf..bb00838d3c 100644 --- a/x/distribution/client/cli/utils.go +++ b/x/distribution/client/cli/utils.go @@ -1,9 +1,8 @@ package cli import ( - "os" - "github.com/line/lbm-sdk/codec" + "github.com/line/lbm-sdk/internal/os" "github.com/line/lbm-sdk/x/distribution/types" ) @@ -11,7 +10,10 @@ import ( func ParseCommunityPoolSpendProposalWithDeposit(cdc codec.JSONCodec, proposalFile string) (types.CommunityPoolSpendProposalWithDeposit, error) { proposal := types.CommunityPoolSpendProposalWithDeposit{} - contents, err := os.ReadFile(proposalFile) + // 2M size limit is enough for a proposal. + // Check the proposals: + // https://hubble.figment.io/cosmos/chains/cosmoshub-4/governance + contents, err := os.ReadFileWithSizeLimit(proposalFile, 2*1024*1024) if err != nil { return proposal, err } From 80de34c0fb06e2c58b0b29b8074e6027dafa7b4c Mon Sep 17 00:00:00 2001 
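Review bot: The cap passed in `ParseCommunityPoolSpendProposalWithDeposit` is an inline literal, `2*1024*1024`, justified only by a link to an external explorer page that can disappear and does not record what proposal size was actually observed. A named constant with the unit and rationale in its comment, e.g. `const maxProposalFileSize = 2 * 1024 * 1024 // bytes (2 MiB); upper bound for a JSON proposal file`, used as `os.ReadFileWithSizeLimit(proposalFile, maxProposalFileSize)`, keeps the limit discoverable and reusable by other proposal parsers. The function body continues outside the hunk.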
From: tnasu Date: Tue, 11 Oct 2022 13:46:15 +0900 Subject: [PATCH 6/6] Modify to one liner --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cf27fb0f96..ac3eb9db9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -73,8 +73,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (refactor) [\#685](https://github.com/line/lbm-sdk/pull/685) remove x/foundation UpdateValidatorAuthsProposal * (x/foundation) [\#686](https://github.com/line/lbm-sdk/pull/686) remove `Minthreshold` and `MinPercentage` from x/foundation config * (x/foundation) [\#693](https://github.com/line/lbm-sdk/pull/693) add pool to the state of x/foundation -* (x/wasm) [\#696](https://github.com/line/lbm-sdk/pull/696) x/wasm - add checking a wasm file size before reading it -* (x/distribution) [\#696](https://github.com/line/lbm-sdk/pull/696) x/distribution - add checking a proposal file size before reading it +* (x/wasm,distribution) [\#696](https://github.com/line/lbm-sdk/pull/696) x/wasm,distribution - add checking a file size before reading it ### Bug Fixes * (x/wasm) [\#453](https://github.com/line/lbm-sdk/pull/453) modify wasm grpc query api path