Fix priv escalation test (#14046)

2020-12-10 14:36:33 -08:00
parent 68109a46e0
commit 5ea80e673f
5 changed files with 14 additions and 7 deletions
--- a/programs/bpf/c/src/invoked/invoked.c
+++ b/programs/bpf/c/src/invoked/invoked.c
@ -154,6 +154,7 @@ extern uint64_t entrypoint(const uint8_t *input) {
  }
  case TEST_VERIFY_PRIVILEGE_ESCALATION: {
    sol_log("Success");
+    break;
  }
  case TEST_NESTED_INVOKE: {
    sol_log("invoke");
--- a/programs/bpf/tests/programs.rs
+++ b/programs/bpf/tests/programs.rs
@ -699,7 +699,7 @@ fn test_program_bpf_invoke() {
        assert_eq!(invoked_programs, vec![invoked_program_id.clone()]);
        assert_eq!(
            result.unwrap_err(),
-            TransactionError::InstructionError(0, InstructionError::Custom(194969602))
+            TransactionError::InstructionError(0, InstructionError::PrivilegeEscalation)
        );

        let instruction = Instruction::new(
@ -731,7 +731,7 @@ fn test_program_bpf_invoke() {
        assert_eq!(invoked_programs, vec![invoked_program_id.clone()]);
        assert_eq!(
            result.unwrap_err(),
-            TransactionError::InstructionError(0, InstructionError::Custom(194969602))
+            TransactionError::InstructionError(0, InstructionError::PrivilegeEscalation)
        );

        let instruction = Instruction::new(
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@ -59,8 +59,6 @@ pub enum SyscallError {
    ProgramNotSupported,
    #[error("{0}")]
    InstructionError(InstructionError),
-    #[error("Cross-program invocation with unauthorized signer or writable account")]
-    PrivilegeEscalation,
    #[error("Unaligned pointer")]
    UnalignedPointer,
    #[error("Too many signers")]
@ -1270,7 +1268,9 @@ fn verify_instruction<'a>(
            ))?;
        // Readonly account cannot become writable
        if account.is_writable && !keyed_account.is_writable() {
-            return Err(SyscallError::PrivilegeEscalation.into());
+            return Err(
+                SyscallError::InstructionError(InstructionError::PrivilegeEscalation).into(),
+            );
        }

        if account.is_signer && // If message indicates account is signed
@ -1278,7 +1278,9 @@ fn verify_instruction<'a>(
            keyed_account.signer_key().is_some() // Signed in the parent instruction
            || signers.contains(&account.pubkey) // Signed by the program
        ) {
-            return Err(SyscallError::PrivilegeEscalation.into());
+            return Err(
+                SyscallError::InstructionError(InstructionError::PrivilegeEscalation).into(),
+            );
        }
    }