Fail secp256k1 if the instruction data looks incorrect (#19300)

2021-08-19 13:13:54 -07:00
parent f59a55be17
commit 3ec33e7d02
9 changed files with 74 additions and 12 deletions
--- a/sdk/src/secp256k1_instruction.rs
+++ b/sdk/src/secp256k1_instruction.rs
@@ -103,11 +103,18 @@ pub fn verify_eth_addresses(
    data: &[u8],
    instruction_datas: &[&[u8]],
    libsecp256k1_0_5_upgrade_enabled: bool,
+    libsecp256k1_fail_on_bad_count: bool,
 ) -> Result<(), Secp256k1Error> {
    if data.is_empty() {
        return Err(Secp256k1Error::InvalidInstructionDataSize);
    }
    let count = data[0] as usize;
+    if libsecp256k1_fail_on_bad_count && count == 0 && data.len() > 1 {
+        // count is zero but the instruction data indicates that is probably not
+        // correct, fail the instruction to catch probable invalid secp256k1
+        // instruction construction.
+        return Err(Secp256k1Error::InvalidInstructionDataSize);
+    }
    let expected_data_size = count
        .saturating_mul(SIGNATURE_OFFSETS_SERIALIZED_SIZE)
        .saturating_add(1);
@@ -215,7 +222,7 @@ pub mod test {
        let writer = std::io::Cursor::new(&mut instruction_data[1..]);
        bincode::serialize_into(writer, &offsets).unwrap();

-        verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false)
+        verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false, true)
    }

    #[test]
@@ -230,7 +237,7 @@ pub mod test {
        instruction_data.truncate(instruction_data.len() - 1);

        assert_eq!(
-            verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false),
+            verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false, true),
            Err(Secp256k1Error::InvalidInstructionDataSize)
        );

@@ -346,4 +353,19 @@ pub mod test {
            Err(Secp256k1Error::InvalidSignature)
        );
    }
+
+    #[test]
+    fn test_count_is_zero_but_sig_data_exists() {
+        solana_logger::setup();
+
+        let mut instruction_data = vec![0u8; DATA_START];
+        let offsets = SecpSignatureOffsets::default();
+        instruction_data[0] = 0;
+        let writer = std::io::Cursor::new(&mut instruction_data[1..]);
+        bincode::serialize_into(writer, &offsets).unwrap();
+        assert_eq!(
+            verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false, true),
+            Err(Secp256k1Error::InvalidInstructionDataSize)
+        );
+    }
 }