From 0a698fc48fdef0b1868a687f69b99c317666a8bb Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Wed, 27 Oct 2021 01:00:01 +0000
Subject: [PATCH] Instruction sysvar fixes, additions (backport #20958) (#21001)

* Instruction sysvar fixes, additions (#20958)

(cherry picked from commit 4fe3354c8f78cc140c71ea9897cd663ac33dde11)

# Conflicts:
# programs/bpf/rust/sysvar/src/lib.rs
# programs/bpf/tests/programs.rs
# sdk/program/src/sysvar/instructions.rs

* resolve conflicts

Co-authored-by: Jack May
---
 .../rust/instruction_introspection/src/lib.rs | 6 +-
 programs/bpf/rust/sysvar/src/lib.rs | 2 +-
 sdk/program/src/sysvar/instructions.rs | 230 ++++++++++++++++--
 3 files changed, 219 insertions(+), 19 deletions(-)

diff --git a/programs/bpf/rust/instruction_introspection/src/lib.rs b/programs/bpf/rust/instruction_introspection/src/lib.rs
index bb750117b7..74755d71c5 100644
--- a/programs/bpf/rust/instruction_introspection/src/lib.rs
+++ b/programs/bpf/rust/instruction_introspection/src/lib.rs
@@ -29,11 +29,9 @@ fn process_instruction(
 let instruction = instructions::load_instruction_at_checked(
 secp_instruction_index as usize,
 instruction_accounts,
- ) .map_err(|_| ProgramError::InvalidAccountData)?;
+ )?;

- let current_instruction = instructions::load_current_index(&instruction_accounts.try_borrow_data()?);
+ let current_instruction = instructions::load_current_index_checked(instruction_accounts)?;

 let my_index = instruction_data[1] as u16;
 assert_eq!(current_instruction, my_index);
diff --git a/programs/bpf/rust/sysvar/src/lib.rs b/programs/bpf/rust/sysvar/src/lib.rs
index 3f4cac5be2..e0605e507d 100644
--- a/programs/bpf/rust/sysvar/src/lib.rs
+++ b/programs/bpf/rust/sysvar/src/lib.rs
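Review bot: Replacing `.map_err(|_| ProgramError::InvalidAccountData)?` with a bare `?` changes the error this program returns when the sysvar load fails: it now propagates whatever `load_instruction_at_checked` produces, which in the sdk hunks below is UnsupportedSysvar, InvalidArgument or InvalidInstructionData. That is arguably the more precise signal, but any harness that asserted InvalidAccountData for this program needs the matching update; the commit message lists a conflict in programs/bpf/tests/programs.rs that is not part of this patch, so it is worth confirming that file's expectations were adjusted as well. The same switch to `load_current_index_checked` is made in programs/bpf/rust/sysvar/src/lib.rs in the next hunk. process_instruction begins before and continues after this hunk.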
@@ -59,7 +59,7 @@ pub fn process_instruction(
 msg!("Instructions identifier:");
 sysvar::instructions::id().log();
 assert_eq!(*accounts[4].owner, sysvar::id());
- let index = instructions::load_current_index(&accounts[5].try_borrow_data()?);
+ let index = instructions::load_current_index_checked(&accounts[5])?;
 let instruction = instructions::load_instruction_at_checked(index as usize, &accounts[5])?;
 assert_eq!(0, index);
 assert_eq!(
diff --git a/sdk/program/src/sysvar/instructions.rs b/sdk/program/src/sysvar/instructions.rs
index 7cc73df0e3..30e6716c7f 100644
--- a/sdk/program/src/sysvar/instructions.rs
+++ b/sdk/program/src/sysvar/instructions.rs
@@ -11,7 +11,12 @@ pub struct Instructions();

 crate::declare_sysvar_id!("Sysvar1nstructions1111111111111111111111111", Instructions);

-/// Load the current instruction's index from the Instructions Sysvar data
+/// Load the current `Instruction`'s index in the currently executing
+/// `Transaction` from the Instructions Sysvar data
+#[deprecated(
+ since = "1.8.0",
+ note = "Unsafe because the sysvar accounts address is not checked, please use `load_current_index_checked` instead"
+)]
 pub fn load_current_index(data: &[u8]) -> u16 {
 let mut instr_fixed_data = [0u8; 2];
 let len = data.len();
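Review bot: The new deprecation `note` string on `load_current_index` reads "the sysvar accounts address"; the possessive "the sysvar account's address" is what is meant, and the identical wording is used for the `load_instruction_at` deprecation in the next hunk. Both strings are surfaced as compiler warnings to every downstream caller, so changing "accounts address" to "account's address" in both attributes in one pass is worthwhile. The body of `load_current_index` continues past the end of this hunk.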
@@ -19,13 +24,30 @@ pub fn load_current_index(data: &[u8]) -> u16 {
 u16::from_le_bytes(instr_fixed_data)
 }

-/// Store the current instruction's index in the Instructions Sysvar data
+/// Load the current `Instruction`'s index in the currently executing
+/// `Transaction`
+pub fn load_current_index_checked(
+ instruction_sysvar_account_info: &AccountInfo,
+) -> Result {
+ if !check_id(instruction_sysvar_account_info.key) {
+ return Err(ProgramError::UnsupportedSysvar);
+ }
+
+ let instruction_sysvar = instruction_sysvar_account_info.try_borrow_data()?;
+ let mut instr_fixed_data = [0u8; 2];
+ let len = instruction_sysvar.len();
+ instr_fixed_data.copy_from_slice(&instruction_sysvar[len - 2..len]);
+ Ok(u16::from_le_bytes(instr_fixed_data))
+}
+
+/// Store the current `Instruction`'s index in the Instructions Sysvar data
 pub fn store_current_index(data: &mut [u8], instruction_index: u16) {
 let last_index = data.len() - 2;
 data[last_index..last_index + 2].copy_from_slice(&instruction_index.to_le_bytes());
 }

-/// Load an instruction at the specified index
+/// Load an `Instruction` in the currently executing `Transaction` at the
+/// specified index
 #[deprecated(
 since = "1.8.0",
 note = "Unsafe because the sysvar accounts address is not checked, please use `load_instruction_at_checked` instead"
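Review bot: `load_current_index_checked` still slices `instruction_sysvar[len - 2..len]` without checking the length, so the address check above it guards against the wrong account but not against an account whose data is shorter than two bytes, which panics on the usize underflow instead of returning an error. In practice the runtime populates this account, but this function is the advertised safe replacement for the deprecated one, so deriving the offset fallibly is cheap: `let start = instruction_sysvar.len().checked_sub(2).ok_or(ProgramError::InvalidAccountData)?;` followed by `instr_fixed_data.copy_from_slice(&instruction_sysvar[start..]);`. The same unchecked `data.len() - 2` appears in `store_current_index` just below, but that line is pre-existing context rather than part of this change.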
@@ -34,7 +56,8 @@ pub fn load_instruction_at(index: usize, data: &[u8]) -> Result Result {
+ if !check_id(instruction_sysvar_account_info.key) {
+ return Err(ProgramError::UnsupportedSysvar);
+ }
+
+ let instruction_sysvar = instruction_sysvar_account_info.data.borrow();
+ #[allow(deprecated)]
+ let current_index = load_current_index(&instruction_sysvar) as i64;
+ let index = current_index.saturating_add(index_relative_to_current);
+ if index < 0 {
+ return Err(ProgramError::InvalidArgument);
+ }
+ #[allow(deprecated)]
+ load_instruction_at(
+ current_index.saturating_add(index_relative_to_current) as usize,
+ &instruction_sysvar,
+ )
+ .map_err(|err| match err {
+ SanitizeError::IndexOutOfBounds => ProgramError::InvalidArgument,
+ _ => ProgramError::InvalidInstructionData,
+ })
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;
@@ -61,24 +112,26 @@ mod tests {
 fn test_load_store_instruction() {
 let mut data = [4u8; 10];
 store_current_index(&mut data, 3);
- assert_eq!(load_current_index(&data), 3);
+ #[allow(deprecated)]
+ let index = load_current_index(&data);
+ assert_eq!(index, 3);
 assert_eq!([4u8; 8], data[0..8]);
 }

 #[test]
 fn test_load_instruction_at_checked() {
+ let instruction0 = Instruction::new_with_bincode(
+ Pubkey::new_unique(),
+ &0,
+ vec![AccountMeta::new(Pubkey::new_unique(), false)],
+ );
 let instruction1 = Instruction::new_with_bincode(
 Pubkey::new_unique(),
 &0,
 vec![AccountMeta::new(Pubkey::new_unique(), false)],
 );
- let instruction2 = Instruction::new_with_bincode(
- Pubkey::new_unique(),
- &0,
- vec![AccountMeta::new(Pubkey::new_unique(), false)],
- );
 let message = Message::new(
- &[instruction1.clone(), instruction2.clone()],
+ &[instruction0.clone(), instruction1.clone()],
 Some(&Pubkey::new_unique()),
 );

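Review bot: `get_instruction_relative` reads the account through `instruction_sysvar_account_info.data.borrow()`, which panics if the data is currently borrowed mutably, whereas its sibling `load_current_index_checked` in the previous hunk uses `try_borrow_data()?` and reports that condition as an error. Use the fallible form for consistency and to keep the library free of a panic path: `let instruction_sysvar = instruction_sysvar_account_info.try_borrow_data()?;`. As a point of style, `current_index.saturating_add(index_relative_to_current)` is evaluated twice; the second occurrence can simply pass `index as usize`, since `index` is already known to be non-negative from the check above. The signature and doc comment of this function, and the return types of `load_instruction_at` and `load_instruction_at_checked`, were lost in extraction (the generic arguments after `Result` are missing), so the lines preceding `if !check_id` could not be reviewed.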
@@ -87,7 +140,7 @@ mod tests {
 let mut data = message.serialize_instructions(true);
 data.resize(data.len() + 2, 0);
 let owner = crate::sysvar::id();
- let account_info = AccountInfo::new(
+ let mut account_info = AccountInfo::new(
 &key,
 false,
 false,
@@ -99,16 +152,165 @@ mod tests {
 );

 assert_eq!(
- instruction1,
+ instruction0,
 load_instruction_at_checked(0, &account_info).unwrap()
 );
 assert_eq!(
- instruction2,
+ instruction1,
 load_instruction_at_checked(1, &account_info).unwrap()
 );
 assert_eq!(
 Err(ProgramError::InvalidArgument),
 load_instruction_at_checked(2, &account_info)
 );
+
+ let key = Pubkey::new_unique();
+ account_info.key = &key;
+ assert_eq!(
+ Err(ProgramError::UnsupportedSysvar),
+ load_instruction_at_checked(2, &account_info)
+ );
+ }
+
+ #[test]
+ fn test_load_current_index_checked() {
+ let instruction0 = Instruction::new_with_bincode(
+ Pubkey::new_unique(),
+ &0,
+ vec![AccountMeta::new(Pubkey::new_unique(), false)],
+ );
+ let instruction1 = Instruction::new_with_bincode(
+ Pubkey::new_unique(),
+ &0,
+ vec![AccountMeta::new(Pubkey::new_unique(), false)],
+ );
+ let message = Message::new(&[instruction0, instruction1], Some(&Pubkey::new_unique()));
+
+ let key = id();
+ let mut lamports = 0;
+ let mut data = message.serialize_instructions(true);
+ data.resize(data.len() + 2, 0);
+ store_current_index(&mut data, 1);
+ let owner = crate::sysvar::id();
+ let mut account_info = AccountInfo::new(
+ &key,
+ false,
+ false,
+ &mut lamports,
+ &mut data,
+ &owner,
+ false,
+ 0,
+ );
+
+ assert_eq!(1, load_current_index_checked(&account_info).unwrap());
+ {
+ let mut data = account_info.try_borrow_mut_data().unwrap();
+ store_current_index(&mut data, 0);
+ }
+ assert_eq!(0, load_current_index_checked(&account_info).unwrap());
+
+ let key = Pubkey::new_unique();
+ account_info.key = &key;
+ assert_eq!(
+ Err(ProgramError::UnsupportedSysvar),
+ load_current_index_checked(&account_info)
+ );
+ }
+
+ #[test]
+ fn test_get_instruction_relative() {
+ let instruction0 = Instruction::new_with_bincode(
+ Pubkey::new_unique(),
+ &0,
+ vec![AccountMeta::new(Pubkey::new_unique(), false)],
+ );
+ let instruction1 = Instruction::new_with_bincode(
+ Pubkey::new_unique(),
+ &0,
+ vec![AccountMeta::new(Pubkey::new_unique(), false)],
+ );
+ let instruction2 = Instruction::new_with_bincode(
+ Pubkey::new_unique(),
+ &0,
+ vec![AccountMeta::new(Pubkey::new_unique(), false)],
+ );
+ let message = Message::new(
+ &[
+ instruction0.clone(),
+ instruction1.clone(),
+ instruction2.clone(),
+ ],
+ Some(&Pubkey::new_unique()),
+ );
+
+ let key = id();
+ let mut lamports = 0;
+ let mut data = message.serialize_instructions(true);
+ data.resize(data.len() + 2, 0);
+ store_current_index(&mut data, 1);
+ let owner = crate::sysvar::id();
+ let mut account_info = AccountInfo::new(
+ &key,
+ false,
+ false,
+ &mut lamports,
+ &mut data,
+ &owner,
+ false,
+ 0,
+ );
+
+ assert_eq!(
+ Err(ProgramError::InvalidArgument),
+ get_instruction_relative(-2, &account_info)
+ );
+ assert_eq!(
+ instruction0,
+ get_instruction_relative(-1, &account_info).unwrap()
+ );
+ assert_eq!(
+ instruction1,
+ get_instruction_relative(0, &account_info).unwrap()
+ );
+ assert_eq!(
+ instruction2,
+ get_instruction_relative(1, &account_info).unwrap()
+ );
+ assert_eq!(
+ Err(ProgramError::InvalidArgument),
+ get_instruction_relative(2, &account_info)
+ );
+ {
+ let mut data = account_info.try_borrow_mut_data().unwrap();
+ store_current_index(&mut data, 0);
+ }
+ assert_eq!(
+ Err(ProgramError::InvalidArgument),
+ get_instruction_relative(-1, &account_info)
+ );
+ assert_eq!(
+ instruction0,
+ get_instruction_relative(0, &account_info).unwrap()
+ );
+ assert_eq!(
+ instruction1,
+ get_instruction_relative(1, &account_info).unwrap()
+ );
+ assert_eq!(
+ instruction2,
+ get_instruction_relative(2, &account_info).unwrap()
+ );
+ assert_eq!(
+ Err(ProgramError::InvalidArgument),
+ get_instruction_relative(3, &account_info)
+ );
+
+ let key = Pubkey::new_unique();
+ account_info.key = &key;
+ assert_eq!(
+ Err(ProgramError::UnsupportedSysvar),
+ get_instruction_relative(0, &account_info)
+ );
 }
 }