gaspersic/solana
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Adds TEST_DUPLICATE_PRIVILEGE_ESCALATION_SIGNER and TEST_DUPLICATE_PRIVILEGE_ESCALATION_WRITABLE. (#22790)

Browse Source
This commit is contained in:
Alexander Meißner
2022-01-28 00:52:09 +01:00
committed by GitHub
parent 4d891043d1
commit 2804204f80
4 changed files with 86 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
programs/bpf/c/src/invoke/invoke.c
View File

@ -29,6 +29,8 @@ static const uint8_t TEST_EXECUTABLE_LAMPORTS = 16;
static const uint8_t TEST_CALL_PRECOMPILE = 17; static const uint8_t TEST_CALL_PRECOMPILE = 17;
static const uint8_t ADD_LAMPORTS = 18; static const uint8_t ADD_LAMPORTS = 18;
static const uint8_t TEST_RETURN_DATA_TOO_LARGE = 19; static const uint8_t TEST_RETURN_DATA_TOO_LARGE = 19;
static const uint8_t TEST_DUPLICATE_PRIVILEGE_ESCALATION_SIGNER = 20;
static const uint8_t TEST_DUPLICATE_PRIVILEGE_ESCALATION_WRITABLE = 21;
static const int MINT_INDEX = 0; static const int MINT_INDEX = 0;
static const int ARGUMENT_INDEX = 1; static const int ARGUMENT_INDEX = 1;
@ -611,6 +613,42 @@ extern uint64_t entrypoint(const uint8_t *input) {
sol_set_return_data(NULL, 1027); sol_set_return_data(NULL, 1027);
break; break;
} }
case TEST_DUPLICATE_PRIVILEGE_ESCALATION_SIGNER: {
sol_log("Test duplicate privilege escalation signer");
SolAccountMeta arguments[] = {
{accounts[DERIVED_KEY3_INDEX].key, false, false},
{accounts[DERIVED_KEY3_INDEX].key, false, false},
{accounts[DERIVED_KEY3_INDEX].key, false, false}};
uint8_t data[] = {VERIFY_PRIVILEGE_ESCALATION};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
// Signer privilege escalation will always fail the whole transaction
instruction.accounts[1].is_signer = true;
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts));
break;
}
case TEST_DUPLICATE_PRIVILEGE_ESCALATION_WRITABLE: {
sol_log("Test duplicate privilege escalation writable");
SolAccountMeta arguments[] = {
{accounts[DERIVED_KEY3_INDEX].key, false, false},
{accounts[DERIVED_KEY3_INDEX].key, false, false},
{accounts[DERIVED_KEY3_INDEX].key, false, false}};
uint8_t data[] = {VERIFY_PRIVILEGE_ESCALATION};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
// Writable privilege escalation will always fail the whole transaction
instruction.accounts[1].is_writable = true;
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts));
break;
}
default: default:
sol_panic(); sol_panic();

2
programs/bpf/rust/invoke/src/instructions.rs
View File

@ -19,6 +19,8 @@ pub const TEST_EXECUTABLE_LAMPORTS: u8 = 16;
pub const TEST_CALL_PRECOMPILE: u8 = 17; pub const TEST_CALL_PRECOMPILE: u8 = 17;
pub const ADD_LAMPORTS: u8 = 18; pub const ADD_LAMPORTS: u8 = 18;
pub const TEST_RETURN_DATA_TOO_LARGE: u8 = 19; pub const TEST_RETURN_DATA_TOO_LARGE: u8 = 19;
pub const TEST_DUPLICATE_PRIVILEGE_ESCALATION_SIGNER: u8 = 20;
pub const TEST_DUPLICATE_PRIVILEGE_ESCALATION_WRITABLE: u8 = 21;
pub const MINT_INDEX: usize = 0; pub const MINT_INDEX: usize = 0;
pub const ARGUMENT_INDEX: usize = 1; pub const ARGUMENT_INDEX: usize = 1;

35
programs/bpf/rust/invoke/src/processor.rs
View File

@ -426,7 +426,6 @@ fn process_instruction(
// Writable privilege escalation will always fail the whole transaction // Writable privilege escalation will always fail the whole transaction
invoked_instruction.accounts[0].is_writable = true; invoked_instruction.accounts[0].is_writable = true;
invoke(&invoked_instruction, accounts)?; invoke(&invoked_instruction, accounts)?;
} }
TEST_PPROGRAM_NOT_EXECUTABLE => { TEST_PPROGRAM_NOT_EXECUTABLE => {
@ -638,6 +637,40 @@ fn process_instruction(
TEST_RETURN_DATA_TOO_LARGE => { TEST_RETURN_DATA_TOO_LARGE => {
set_return_data(&[1u8; 1028]); set_return_data(&[1u8; 1028]);
} }
TEST_DUPLICATE_PRIVILEGE_ESCALATION_SIGNER => {
msg!("Test duplicate privilege escalation signer");
let mut invoked_instruction = create_instruction(
*accounts[INVOKED_PROGRAM_INDEX].key,
&[
(accounts[DERIVED_KEY3_INDEX].key, false, false),
(accounts[DERIVED_KEY3_INDEX].key, false, false),
(accounts[DERIVED_KEY3_INDEX].key, false, false),
],
vec![VERIFY_PRIVILEGE_ESCALATION],
);
invoke(&invoked_instruction, accounts)?;
// Signer privilege escalation will always fail the whole transaction
invoked_instruction.accounts[1].is_signer = true;
invoke(&invoked_instruction, accounts)?;
}
TEST_DUPLICATE_PRIVILEGE_ESCALATION_WRITABLE => {
msg!("Test duplicate privilege escalation writable");
let mut invoked_instruction = create_instruction(
*accounts[INVOKED_PROGRAM_INDEX].key,
&[
(accounts[DERIVED_KEY3_INDEX].key, false, false),
(accounts[DERIVED_KEY3_INDEX].key, false, false),
(accounts[DERIVED_KEY3_INDEX].key, false, false),
],
vec![VERIFY_PRIVILEGE_ESCALATION],
);
invoke(&invoked_instruction, accounts)?;
// Writable privilege escalation will always fail the whole transaction
invoked_instruction.accounts[1].is_writable = true;
invoke(&invoked_instruction, accounts)?;
}
_ => panic!(), _ => panic!(),
} }

12
programs/bpf/tests/programs.rs
View File

@ -1103,6 +1103,18 @@ fn test_program_bpf_invoke_sanity() {
&[], &[],
); );
do_invoke_failure_test_local(
TEST_DUPLICATE_PRIVILEGE_ESCALATION_SIGNER,
TransactionError::InstructionError(0, InstructionError::PrivilegeEscalation),
&[invoked_program_id.clone()],
);
do_invoke_failure_test_local(
TEST_DUPLICATE_PRIVILEGE_ESCALATION_WRITABLE,
TransactionError::InstructionError(0, InstructionError::PrivilegeEscalation),
&[invoked_program_id.clone()],
);
// Check resulting state // Check resulting state
assert_eq!(43, bank.get_balance(&derived_key1)); assert_eq!(43, bank.get_balance(&derived_key1));