fix(p2p): preemptive panic recovery (#174)

This protects the library from potential dos vectors introduced by go-header users in the header deserialization and verification code paths.

Author: Wondertan

p2p/session.go

@@ -259,7 +259,14 @@ func (s *session[H]) doRequest(
 }
 
 // processResponses converts HeaderResponse to Header.
-func (s *session[H]) processResponses(responses []*p2p_pb.HeaderResponse) ([]H, error) {
+func (s *session[H]) processResponses(responses []*p2p_pb.HeaderResponse) (h []H, err error) {
+	defer func() {
+		r := recover()
+		if r != nil {
+			err = fmt.Errorf("PANIC processing responses: %s", r)
+		}
+	}()
+
 	hdrs, err := processResponses[H](responses)
 	if err != nil {
 		return nil, err

p2p/subscriber.go

@@ -99,7 +99,15 @@ func (s *Subscriber[H]) Stop(context.Context) error {
 // SetVerifier set given verification func as Header PubSub topic validator
 // Does not punish peers if *header.VerifyError is given with Uncertain set to true.
 func (s *Subscriber[H]) SetVerifier(val func(context.Context, H) error) error {
-	pval := func(ctx context.Context, p peer.ID, msg *pubsub.Message) pubsub.ValidationResult {
+	pval := func(ctx context.Context, p peer.ID, msg *pubsub.Message) (res pubsub.ValidationResult) {
+		defer func() {
+			err := recover()
+			if err != nil {
+				log.Errorf("PANIC while unmarshalling or verifying header: %s", err)
+				res = pubsub.ValidationReject
+			}
+		}()
+
 		hdr := header.New[H]()
 		err := hdr.UnmarshalBinary(msg.Data)
 		if err != nil {