fix: validate schema version in decode_continuation

antoineleclair · claude · antoineleclair · commit 48f362eb210c · 2026-04-12T20:57:09.000-04:00
decode_continuation() now checks header.schema against _MAX_SCHEMA,
matching the validation already done in decode_bytes(). Previously a
corrupted or malicious continuation frame with an unsupported schema
version would be silently accepted.

Closes #099

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/dqlitewire/codec.py b/src/dqlitewire/codec.py
@@ -274,6 +274,13 @@ def decode_continuation(self) -> RowsResponse | None:
             header = Header.decode(data[:HEADER_SIZE])
             body = data[HEADER_SIZE : HEADER_SIZE + header.size_words * 8]
 
+            max_schema = _MAX_SCHEMA.get(header.msg_type, 0)
+            if header.schema > max_schema:
+                raise DecodeError(
+                    f"Unsupported schema version {header.schema} for message type "
+                    f"{header.msg_type} (max supported: {max_schema})"
+                )
+
             if header.msg_type == ResponseType.FAILURE:
                 failure = FailureResponse.decode_body(body, schema=header.schema)
                 raise ProtocolError(
diff --git a/tests/test_codec.py b/tests/test_codec.py
@@ -1616,3 +1616,40 @@ def test_chained_continuations_part_part_done(self) -> None:
         decoder.feed(normal.encode())
         msg4 = decoder.decode()
         assert isinstance(msg4, ResultResponse)
+
+    def test_decode_continuation_rejects_unsupported_schema(self) -> None:
+        """099: decode_continuation must validate schema like decode_bytes."""
+        import struct
+
+        from dqlitewire.constants import ValueType
+        from dqlitewire.messages.responses import RowsResponse
+
+        # Build an initial ROWS frame with has_more=True
+        initial = RowsResponse(
+            column_names=["x"],
+            column_types=[ValueType.INTEGER],
+            rows=[[1]],
+            has_more=True,
+        )
+        # Build a continuation frame with schema=1 (unsupported for ROWS)
+        cont_body = RowsResponse(
+            column_names=["x"],
+            column_types=[ValueType.INTEGER],
+            rows=[[2]],
+            has_more=False,
+        ).encode_body()
+        # Manually build header with schema=1
+        from dqlitewire.constants import ResponseType
+
+        size_words = len(cont_body) // 8
+        bad_header = struct.pack("<IBBH", size_words, ResponseType.ROWS, 1, 0)
+        bad_frame = bad_header + cont_body
+
+        decoder = MessageDecoder(is_request=False)
+        decoder.feed(initial.encode() + bad_frame)
+
+        msg1 = decoder.decode()
+        assert isinstance(msg1, RowsResponse) and msg1.has_more
+
+        with pytest.raises(DecodeError, match="Unsupported schema version"):
+            decoder.decode_continuation()
