Fix priv escalation test (#14046)

2020-12-10 14:36:33 -08:00
parent 68109a46e0
commit 5ea80e673f
5 changed files with 14 additions and 7 deletions
--- a/programs/bpf/c/src/invoked/invoked.c
+++ b/programs/bpf/c/src/invoked/invoked.c
@ -154,6 +154,7 @@ extern uint64_t entrypoint(const uint8_t *input) {
  }
  case TEST_VERIFY_PRIVILEGE_ESCALATION: {
    sol_log("Success");
+    break;
  }
  case TEST_NESTED_INVOKE: {
    sol_log("invoke");
--- a/programs/bpf/tests/programs.rs
+++ b/programs/bpf/tests/programs.rs
@ -699,7 +699,7 @@ fn test_program_bpf_invoke() {
        assert_eq!(invoked_programs, vec![invoked_program_id.clone()]);
        assert_eq!(
            result.unwrap_err(),
-            TransactionError::InstructionError(0, InstructionError::Custom(194969602))
+            TransactionError::InstructionError(0, InstructionError::PrivilegeEscalation)
        );

        let instruction = Instruction::new(
@ -731,7 +731,7 @@ fn test_program_bpf_invoke() {
        assert_eq!(invoked_programs, vec![invoked_program_id.clone()]);
        assert_eq!(
            result.unwrap_err(),
-            TransactionError::InstructionError(0, InstructionError::Custom(194969602))
+            TransactionError::InstructionError(0, InstructionError::PrivilegeEscalation)
        );

        let instruction = Instruction::new(
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@ -59,8 +59,6 @@ pub enum SyscallError {
    ProgramNotSupported,
    #[error("{0}")]
    InstructionError(InstructionError),
-    #[error("Cross-program invocation with unauthorized signer or writable account")]
-    PrivilegeEscalation,
    #[error("Unaligned pointer")]
    UnalignedPointer,
    #[error("Too many signers")]
@ -1270,7 +1268,9 @@ fn verify_instruction<'a>(
            ))?;
        // Readonly account cannot become writable
        if account.is_writable && !keyed_account.is_writable() {
-            return Err(SyscallError::PrivilegeEscalation.into());
+            return Err(
+                SyscallError::InstructionError(InstructionError::PrivilegeEscalation).into(),
+            );
        }

        if account.is_signer && // If message indicates account is signed
@ -1278,7 +1278,9 @@ fn verify_instruction<'a>(
            keyed_account.signer_key().is_some() // Signed in the parent instruction
            || signers.contains(&account.pubkey) // Signed by the program
        ) {
-            return Err(SyscallError::PrivilegeEscalation.into());
+            return Err(
+                SyscallError::InstructionError(InstructionError::PrivilegeEscalation).into(),
+            );
        }
    }

--- a/runtime/src/bank.rs
+++ b/runtime/src/bank.rs
@ -114,7 +114,7 @@ pub const SECONDS_PER_YEAR: f64 = 365.25 * 24.0 * 60.0 * 60.0;
 pub const MAX_LEADER_SCHEDULE_STAKES: Epoch = 5;

 type BankStatusCache = StatusCache<Result<()>>;
-#[frozen_abi(digest = "4nZ6EdivqQPcnrnXisbjuTjpcUBoHLDEQWvbZQDCoQQR")]
+#[frozen_abi(digest = "9b9RfyiGPNGcMyP78YSD799ghJSTsGvqHTsJtQo8uqGX")]
 pub type BankSlotDelta = SlotDelta<Result<()>>;
 type TransactionAccountRefCells = Vec<Rc<RefCell<Account>>>;
 type TransactionLoaderRefCells = Vec<Vec<(Pubkey, RefCell<Account>)>>;
--- a/sdk/program/src/instruction.rs
+++ b/sdk/program/src/instruction.rs
@ -167,6 +167,10 @@ pub enum InstructionError {
    /// Computational budget exceeded
    #[error("Computational budget exceeded")]
    ComputationalBudgetExceeded,
+
+    /// Cross-program invocation with unauthorized signer or writable account
+    #[error("Cross-program invocation with unauthorized signer or writable account")]
+    PrivilegeEscalation,
 }

 #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]