From 2df524320a06073aa2813db24243cdefd6f82e83 Mon Sep 17 00:00:00 2001
From: Siddharth Baleja
Date: Tue, 18 Nov 2025 18:33:20 +0530
Subject: [PATCH 1/5] feat(pdp): enforce extraData size limit at the service level (fixes #713)

---
 pdp/handlers_add.go | 5 +++++
 pdp/handlers_create.go | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/pdp/handlers_add.go b/pdp/handlers_add.go
index 7d964b381..515852701 100644
--- a/pdp/handlers_add.go
+++ b/pdp/handlers_add.go
@@ -329,6 +329,11 @@ func (p *PDPService) handleAddPieceToDataSet(w http.ResponseWriter, r *http.Requ
 		http.Error(w, "Invalid extraData format (must be hex encoded): "+err.Error(), http.StatusBadRequest)
 		return
 	}
+	if len(extraDataBytes) > MaxAddPiecesExtraDataSize {
+		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for AddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize)
+		http.Error(w, errMsg, http.StatusBadRequest)
+		return
+	}
 
 	// Step 4: Prepare piece information
 	pieceDataArray, subPieceInfoMap, subPieceCidList, err := p.transformAddPiecesRequest(ctx, serviceLabel, payload.Pieces)
diff --git a/pdp/handlers_create.go b/pdp/handlers_create.go
index f7200d45e..049a9ace4 100644
--- a/pdp/handlers_create.go
+++ b/pdp/handlers_create.go
@@ -3,6 +3,7 @@ package pdp
 import (
 	"encoding/hex"
 	"encoding/json"
+	"fmt"
 	"io"
 	"math/big"
 	"net/http"
@@ -16,6 +17,15 @@ import (
 	"github.com/filecoin-project/curio/harmony/harmonydb"
 	"github.com/filecoin-project/curio/pdp/contract"
 )
+const (
+	// MaxCreateDataSetExtraDataSize defines the service-level limit for extraData in CreateDataSet calls (4KB).
+	// Recommended in FilOzone/pdp#224.
+	MaxCreateDataSetExtraDataSize = 4096
+	// MaxAddPiecesExtraDataSize defines the service-level limit for extraData in AddPieces calls (8KB).
+	// Recommended in FilOzone/pdp#224.
+	MaxAddPiecesExtraDataSize = 8192
+)
 
 var logCreate = logger.Logger("pdp/create")
 
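Review bot: The new guard in handleAddPieceToDataSet measures the decoded bytes, so an oversized extraData is still read from the JSON body and fully hex-decoded (the context lines above show the decode happening first) before it is rejected; unless the request body is already capped upstream, e.g. with http.MaxBytesReader (not visible in this hunk), the service pays the whole decode and allocation for input it is about to refuse. A cheap pre-check on the encoded string before hex decoding, rejecting anything longer than `2*MaxAddPiecesExtraDataSize` characters, would stop that input without materialising the decoded copy and would leave this byte-length check as the authoritative one. The same ordering appears in this patch's handleCreateDataSetAndAddPieces and handleCreateDataSet hunks and in the handleDeleteDataSetPiece hunk of PATCH 3/5. handleAddPieceToDataSet begins and ends outside the hunk.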
@@ -64,6 +74,11 @@ func (p *PDPService) handleCreateDataSetAndAddPieces(w http.ResponseWriter, r *h
 		http.Error(w, "Invalid extraData format (must be hex encoded)", http.StatusBadRequest)
 		return
 	}
+	if len(extraDataBytes) > MaxAddPiecesExtraDataSize {
+		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSetAndAddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize)
+		http.Error(w, errMsg, http.StatusBadRequest)
+		return
+	}
 
 	// Check if indexing is needed by decoding the extraData
 	mustIndex, err := CheckIfIndexingNeededFromExtraData(extraDataBytes)
@@ -224,6 +239,11 @@ func (p *PDPService) handleCreateDataSet(w http.ResponseWriter, r *http.Request)
 		http.Error(w, "Invalid extraData format (must be hex encoded): "+err.Error(), http.StatusBadRequest)
 		return
 	}
+	if len(extraDataBytes) > MaxCreateDataSetExtraDataSize {
+		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSet (%d bytes)", len(extraDataBytes), MaxCreateDataSetExtraDataSize)
+		http.Error(w, errMsg, http.StatusBadRequest)
+		return
+	}
 
 	// Step 3: Get the sender address from 'eth_keys' table where role = 'pdp' limit 1
 	fromAddress, err := p.getSenderAddress(ctx)

From e61fbe49525986b426c32bbb1b7ad6da0cefaf4e Mon Sep 17 00:00:00 2001
From: Siddharth Baleja
Date: Tue, 18 Nov 2025 18:52:51 +0530
Subject: [PATCH 2/5] Linting

---
 pdp/handlers_add.go | 8 ++++----
 pdp/handlers_create.go | 17 +++++++++--------
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/pdp/handlers_add.go b/pdp/handlers_add.go
index 515852701..256c22344 100644
--- a/pdp/handlers_add.go
+++ b/pdp/handlers_add.go
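Review bot: The combined handler handleCreateDataSetAndAddPieces enforces only MaxAddPiecesExtraDataSize (8192), while the dedicated handleCreateDataSet hunk in the same file enforces MaxCreateDataSetExtraDataSize (4096); if the same extraDataBytes is also handed to the data-set creation step of this path (that call sits outside the hunk), a payload of 4097–8192 bytes passes this guard and is presumably rejected later, after the service has already spent its work on it. Either apply the stricter bound here, `if len(extraDataBytes) > MaxCreateDataSetExtraDataSize {`, keeping the message's CreateDataSetAndAddPieces wording, or put a comment on the check explaining why the AddPieces limit is the correct one for the combined call. handleCreateDataSetAndAddPieces begins and ends outside the hunk.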
@@ -330,10 +330,10 @@ func (p *PDPService) handleAddPieceToDataSet(w http.ResponseWriter, r *http.Requ
 		return
 	}
 	if len(extraDataBytes) > MaxAddPiecesExtraDataSize {
-		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for AddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize)
-		http.Error(w, errMsg, http.StatusBadRequest)
-		return
-	}
+		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for AddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize)
+		http.Error(w, errMsg, http.StatusBadRequest)
+		return
+	}
 
 	// Step 4: Prepare piece information
 	pieceDataArray, subPieceInfoMap, subPieceCidList, err := p.transformAddPiecesRequest(ctx, serviceLabel, payload.Pieces)
diff --git a/pdp/handlers_create.go b/pdp/handlers_create.go
index 049a9ace4..7a22c293a 100644
--- a/pdp/handlers_create.go
+++ b/pdp/handlers_create.go
@@ -17,6 +17,7 @@ import (
 	"github.com/filecoin-project/curio/harmony/harmonydb"
 	"github.com/filecoin-project/curio/pdp/contract"
 )
+
 const (
 	// MaxCreateDataSetExtraDataSize defines the service-level limit for extraData in CreateDataSet calls (4KB).
 	// Recommended in FilOzone/pdp#224.
@@ -75,10 +76,10 @@ func (p *PDPService) handleCreateDataSetAndAddPieces(w http.ResponseWriter, r *h
 		return
 	}
 	if len(extraDataBytes) > MaxAddPiecesExtraDataSize {
-		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSetAndAddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize)
-		http.Error(w, errMsg, http.StatusBadRequest)
-		return
-	}
+		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSetAndAddPieces (%d bytes)", len(extraDataBytes), MaxAddPiecesExtraDataSize)
+		http.Error(w, errMsg, http.StatusBadRequest)
+		return
+	}
 
 	// Check if indexing is needed by decoding the extraData
 	mustIndex, err := CheckIfIndexingNeededFromExtraData(extraDataBytes)
@@ -240,10 +241,10 @@ func (p *PDPService) handleCreateDataSet(w http.ResponseWriter, r *http.Request)
 		return
 	}
 	if len(extraDataBytes) > MaxCreateDataSetExtraDataSize {
-		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSet (%d bytes)", len(extraDataBytes), MaxCreateDataSetExtraDataSize)
-		http.Error(w, errMsg, http.StatusBadRequest)
-		return
-	}
+		errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for CreateDataSet (%d bytes)", len(extraDataBytes), MaxCreateDataSetExtraDataSize)
+		http.Error(w, errMsg, http.StatusBadRequest)
+		return
+	}
 
 	// Step 3: Get the sender address from 'eth_keys' table where role = 'pdp' limit 1
 	fromAddress, err := p.getSenderAddress(ctx)

From b3f52e3fbc68e34c64e974a33fc3a7bfded9e6f4 Mon Sep 17 00:00:00 2001
From: Siddharth Baleja
Date: Thu, 4 Dec 2025 22:17:23 +0530
Subject: [PATCH 3/5] fix(pdp): enforce 256-byte extraData limit in delete piece and clarify terminology

---
 pdp/handlers.go | 4 ++++
 pdp/handlers_create.go | 6 ++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/pdp/handlers.go b/pdp/handlers.go
index 2341e0e8e..e63faec9d 100644
--- a/pdp/handlers.go
+++ b/pdp/handlers.go
@@ -865,6 +865,10 @@ func (p *PDPService) handleDeleteDataSetPiece(w http.ResponseWriter, r *http.Req
 			http.Error(w, "Invalid extraData format (must be hex encoded)", http.StatusBadRequest)
 			return
 		}
+		if len(extraDataBytes) > 256 {
+			http.Error(w, "extraData too long (max 256 bytes)", http.StatusBadRequest)
+			return
+		}
 	}
 
 	// Check if we have this piece or not
diff --git a/pdp/handlers_create.go b/pdp/handlers_create.go
index 7a22c293a..82f808385 100644
--- a/pdp/handlers_create.go
+++ b/pdp/handlers_create.go
@@ -19,12 +19,10 @@ import (
 )
 
 const (
-	// MaxCreateDataSetExtraDataSize defines the service-level limit for extraData in CreateDataSet calls (4KB).
-	// Recommended in FilOzone/pdp#224.
+	// MaxCreateDataSetExtraDataSize defines the limit for extraData size in CreateDataSet calls (4KB).
 	MaxCreateDataSetExtraDataSize = 4096
 
-	// MaxAddPiecesExtraDataSize defines the service-level limit for extraData in AddPieces calls (8KB).
-	// Recommended in FilOzone/pdp#224.
+	// MaxAddPiecesExtraDataSize defines the limit for extraData size in AddPieces calls (8KB).
 	MaxAddPiecesExtraDataSize = 8192
 )
 

From 80c75ecc3f76115f478d41a1dc5c6a329de5f727 Mon Sep 17 00:00:00 2001
From: Siddharth Baleja
Date: Fri, 5 Dec 2025 12:04:00 +0530
Subject: [PATCH 4/5] refactor(pdp): consolidate extraData limits in handlers.go and add delete limit

---
 pdp/handlers.go | 13 ++++++++++++-
 pdp/handlers_create.go | 8 --------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/pdp/handlers.go b/pdp/handlers.go
index e63faec9d..e4a69e875 100644
--- a/pdp/handlers.go
+++ b/pdp/handlers.go
@@ -36,6 +36,17 @@ import (
 // PDPRoutePath is the base path for PDP routes
 const PDPRoutePath = "/pdp"
 
+const (
+	// MaxCreateDataSetExtraDataSize defines the limit for extraData size in CreateDataSet calls (4KB).
+	MaxCreateDataSetExtraDataSize = 4096
+
+	// MaxAddPiecesExtraDataSize defines the limit for extraData size in AddPieces calls (8KB).
+	MaxAddPiecesExtraDataSize = 8192
+
+	// MaxDeletePieceExtraDataSize defines the limit for extraData size in DeletePiece calls (256B).
+	MaxDeletePieceExtraDataSize = 256
+)
+
 // PDPService represents the service for managing data sets and pieces
 type PDPService struct {
 	Auth
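Review bot: The consolidated const block in handlers.go no longer says where 4096, 8192 and 256 come from or what they must stay in sync with; the "Recommended in FilOzone/pdp#224" reference that PATCH 1/5 attached to the first two constants was dropped in PATCH 3/5, so a reader can no longer tell whether these mirror a contract-side check or are a local policy that can be tuned freely. If they do track the contract's limits, a block comment such as `// Service-level extraData size limits, checked before any contract call; keep in sync with the limits enforced by the PDP contract (see FilOzone/pdp#224).` above `const (` would make that dependency visible the next time the contract changes. The type PDPService declaration in the trailing context continues outside the hunk.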
@@ -865,7 +876,7 @@ func (p *PDPService) handleDeleteDataSetPiece(w http.ResponseWriter, r *http.Req
 			http.Error(w, "Invalid extraData format (must be hex encoded)", http.StatusBadRequest)
 			return
 		}
-		if len(extraDataBytes) > 256 {
+		if len(extraDataBytes) > MaxDeletePieceExtraDataSize {
 			http.Error(w, "extraData too long (max 256 bytes)", http.StatusBadRequest)
 			return
 		}
diff --git a/pdp/handlers_create.go b/pdp/handlers_create.go
index 82f808385..af1b2a0b9 100644
--- a/pdp/handlers_create.go
+++ b/pdp/handlers_create.go
@@ -18,14 +18,6 @@ import (
 	"github.com/filecoin-project/curio/pdp/contract"
 )
 
-const (
-	// MaxCreateDataSetExtraDataSize defines the limit for extraData size in CreateDataSet calls (4KB).
-	MaxCreateDataSetExtraDataSize = 4096
-
-	// MaxAddPiecesExtraDataSize defines the limit for extraData size in AddPieces calls (8KB).
-	MaxAddPiecesExtraDataSize = 8192
-)
-
 var logCreate = logger.Logger("pdp/create")
 
 // handleCreateDataSetAndAddPieces handles the creation of a new data set and adding pieces at the same time

From 317d533fc0ca3c6d77c04c41d3e37a85efa867a2 Mon Sep 17 00:00:00 2001
From: Siddharth Baleja
Date: Fri, 5 Dec 2025 12:25:48 +0530
Subject: [PATCH 5/5] Changes

---
 pdp/handlers.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pdp/handlers.go b/pdp/handlers.go
index e4a69e875..d2f49a818 100644
--- a/pdp/handlers.go
+++ b/pdp/handlers.go
@@ -877,7 +877,8 @@ func (p *PDPService) handleDeleteDataSetPiece(w http.ResponseWriter, r *http.Req
 			return
 		}
 		if len(extraDataBytes) > MaxDeletePieceExtraDataSize {
-			http.Error(w, "extraData too long (max 256 bytes)", http.StatusBadRequest)
+			errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for DeletePiece (%d bytes)", len(extraDataBytes), MaxDeletePieceExtraDataSize)
+			http.Error(w, errMsg, http.StatusBadRequest)
 			return
 		}
 	}
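Review bot: The PATCH 5/5 hunk in handleDeleteDataSetPiece is the fourth copy of the same three-line size guard (the others sit in handleAddPieceToDataSet, handleCreateDataSetAndAddPieces and handleCreateDataSet), and each copy spells the operation name and the limit constant separately, which is exactly how the message and the constant drifted apart in PATCH 3/5 ("max 256 bytes" hard-coded next to the constant). One package-level helper taking the limit and the operation name keeps the four checks and their messages identical and makes the next one a two-line call; since all four handlers are in package pdp it can live beside the const block in handlers.go. The hunk adds no import for fmt, so it relies on handlers.go already importing it (not visible here). handleDeleteDataSetPiece begins outside the hunk.
```go
// extraDataWithinLimit reports whether extraDataBytes fits limit; when it does not,
// it writes the 400 response naming op so the caller only has to return.
func extraDataWithinLimit(w http.ResponseWriter, extraDataBytes []byte, limit int, op string) bool {
	if len(extraDataBytes) <= limit {
		return true
	}
	errMsg := fmt.Sprintf("extraData size (%d bytes) exceeds the maximum allowed limit for %s (%d bytes)", len(extraDataBytes), op, limit)
	http.Error(w, errMsg, http.StatusBadRequest)
	return false
}

// … in handleDeleteDataSetPiece, replacing the if block of this hunk …
		if !extraDataWithinLimit(w, extraDataBytes, MaxDeletePieceExtraDataSize, "DeletePiece") {
			return
		}
```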