From ec7f428519a05249bb9da39c651ccd2799e4b102 Mon Sep 17 00:00:00 2001
From: oxalica
Date: Thu, 19 Sep 2024 06:43:17 -0400
Subject: [PATCH] fix(webapi/register): fix shift overflow

This would make challenge always fail if difficulty is a multiple of 8.
---
 blahd/src/register.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/blahd/src/register.rs b/blahd/src/register.rs
index 24c7aa3..f7c9969 100644
--- a/blahd/src/register.rs
+++ b/blahd/src/register.rs
@@ -195,7 +195,8 @@ pub async fn user_register(
 let hash = &hash[..];
 // `difficulty` is u8 so it must be < 256
 let (bytes, bits) = (expect_bits as usize / 8, expect_bits as usize % 8);
- let ok = hash[..bytes].iter().all(|&b| b == 0) && hash[bytes] >> (8 - bits) == 0;
+ // NB. Shift by 8 would overflow and wrap around for u8. Convert it to u32 first.
+ let ok = hash[..bytes].iter().all(|&b| b == 0) && (hash[bytes] as u32) >> (8 - bits) == 0;
 if !ok {
 return Err(error_response!(
 StatusCode::BAD_REQUEST,
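Review bot: The new `let ok` line still indexes `hash[bytes]` unconditionally, so the challenge check only stays panic-free in the request handler if the digest is longer than `expect_bits / 8` bytes. With a difficulty of up to 255 that means at least 32 bytes, and the digest type is not visible in this hunk, so that invariant should be stated next to the existing `difficulty` comment, e.g. `// hash is 32 bytes, so bytes <= 31 is always in bounds` if that is indeed the case. The shift itself can be avoided with `hash[bytes].leading_zeros() >= bits as u32`, which is correct for `bits` in 0..8 and needs neither the cast nor the NB comment. A unit test at difficulties 0, 8 and 16 would pin the case this commit fixes. `user_register` continues outside the hunk, so the check may need to move into a small helper to be testable.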