Cap seeds not signers (#13941)
This commit is contained in:
Jack May
GitHub
@ -9,6 +9,7 @@ static const uint8_t TEST_PRIVILEGE_ESCALATION_SIGNER = 2;
|
|||||||
static const uint8_t TEST_PRIVILEGE_ESCALATION_WRITABLE = 3;
|
static const uint8_t TEST_PRIVILEGE_ESCALATION_WRITABLE = 3;
|
||||||
static const uint8_t TEST_PPROGRAM_NOT_EXECUTABLE = 4;
|
static const uint8_t TEST_PPROGRAM_NOT_EXECUTABLE = 4;
|
||||||
static const uint8_t TEST_EMPTY_ACCOUNTS_SLICE = 5;
|
static const uint8_t TEST_EMPTY_ACCOUNTS_SLICE = 5;
|
||||||
|
static const uint8_t TEST_CAP_SEEDS = 6;
|
||||||
|
|
||||||
static const int MINT_INDEX = 0;
|
static const int MINT_INDEX = 0;
|
||||||
static const int ARGUMENT_INDEX = 1;
|
static const int ARGUMENT_INDEX = 1;
|
||||||
@ -282,6 +283,33 @@ extern uint64_t entrypoint(const uint8_t *input) {
|
|||||||
|
|
||||||
sol_assert(SUCCESS == sol_invoke(&instruction, 0, 0));
|
sol_assert(SUCCESS == sol_invoke(&instruction, 0, 0));
|
||||||
}
|
}
|
||||||
|
case TEST_CAP_SEEDS: {
|
||||||
|
sol_log("Test cap seeds");
|
||||||
|
{
|
||||||
|
SolAccountMeta arguments[] = {};
|
||||||
|
uint8_t data[] = {};
|
||||||
|
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
|
||||||
|
arguments, SOL_ARRAY_SIZE(arguments),
|
||||||
|
data, SOL_ARRAY_SIZE(data)};
|
||||||
|
uint8_t seed[] = {"seed"};
|
||||||
|
const SolSignerSeed seeds[] = {
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)}, {seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
{seed, SOL_ARRAY_SIZE(seed)},
|
||||||
|
};
|
||||||
|
const SolSignerSeeds signers_seeds[] = {{seeds, SOL_ARRAY_SIZE(seeds)}};
|
||||||
|
sol_assert(SUCCESS == sol_invoke_signed(&instruction, accounts,
|
||||||
|
SOL_ARRAY_SIZE(accounts),
|
||||||
|
signers_seeds,
|
||||||
|
SOL_ARRAY_SIZE(signers_seeds)));
|
||||||
|
}
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
sol_panic();
|
sol_panic();
|
||||||
}
|
}
|
||||||
|
|||||||
@ -21,6 +21,7 @@ const TEST_PRIVILEGE_ESCALATION_SIGNER: u8 = 2;
|
|||||||
const TEST_PRIVILEGE_ESCALATION_WRITABLE: u8 = 3;
|
const TEST_PRIVILEGE_ESCALATION_WRITABLE: u8 = 3;
|
||||||
const TEST_PPROGRAM_NOT_EXECUTABLE: u8 = 4;
|
const TEST_PPROGRAM_NOT_EXECUTABLE: u8 = 4;
|
||||||
const TEST_EMPTY_ACCOUNTS_SLICE: u8 = 5;
|
const TEST_EMPTY_ACCOUNTS_SLICE: u8 = 5;
|
||||||
|
const TEST_CAP_SEEDS: u8 = 6;
|
||||||
|
|
||||||
// const MINT_INDEX: usize = 0;
|
// const MINT_INDEX: usize = 0;
|
||||||
const ARGUMENT_INDEX: usize = 1;
|
const ARGUMENT_INDEX: usize = 1;
|
||||||
@ -372,6 +373,18 @@ fn process_instruction(
|
|||||||
let instruction = create_instruction(*accounts[INVOKED_PROGRAM_INDEX].key, &[], vec![]);
|
let instruction = create_instruction(*accounts[INVOKED_PROGRAM_INDEX].key, &[], vec![]);
|
||||||
invoke(&instruction, &[])?;
|
invoke(&instruction, &[])?;
|
||||||
}
|
}
|
||||||
|
TEST_CAP_SEEDS => {
|
||||||
|
msg!("Test program max seeds");
|
||||||
|
let instruction = create_instruction(*accounts[INVOKED_PROGRAM_INDEX].key, &[], vec![]);
|
||||||
|
invoke_signed(
|
||||||
|
&instruction,
|
||||||
|
accounts,
|
||||||
|
&[&[
|
||||||
|
b"1", b"2", b"3", b"4", b"5", b"6", b"7", b"8", b"9", b"0", b"1", b"2", b"3",
|
||||||
|
b"4", b"5", b"6", b"7",
|
||||||
|
]],
|
||||||
|
)?;
|
||||||
|
}
|
||||||
_ => panic!(),
|
_ => panic!(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -491,6 +491,7 @@ fn test_program_bpf_invoke() {
|
|||||||
const TEST_PRIVILEGE_ESCALATION_WRITABLE: u8 = 3;
|
const TEST_PRIVILEGE_ESCALATION_WRITABLE: u8 = 3;
|
||||||
const TEST_PPROGRAM_NOT_EXECUTABLE: u8 = 4;
|
const TEST_PPROGRAM_NOT_EXECUTABLE: u8 = 4;
|
||||||
const TEST_EMPTY_ACCOUNTS_SLICE: u8 = 5;
|
const TEST_EMPTY_ACCOUNTS_SLICE: u8 = 5;
|
||||||
|
const TEST_CAP_SEEDS: u8 = 6;
|
||||||
|
|
||||||
#[allow(dead_code)]
|
#[allow(dead_code)]
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
@ -765,6 +766,33 @@ fn test_program_bpf_invoke() {
|
|||||||
TransactionError::InstructionError(0, InstructionError::MissingAccount)
|
TransactionError::InstructionError(0, InstructionError::MissingAccount)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
let instruction = Instruction::new(
|
||||||
|
invoke_program_id,
|
||||||
|
&[TEST_CAP_SEEDS, bump_seed1, bump_seed2, bump_seed3],
|
||||||
|
account_metas.clone(),
|
||||||
|
);
|
||||||
|
let message = Message::new(&[instruction], Some(&mint_pubkey));
|
||||||
|
let tx = Transaction::new(
|
||||||
|
&[
|
||||||
|
&mint_keypair,
|
||||||
|
&argument_keypair,
|
||||||
|
&invoked_argument_keypair,
|
||||||
|
&from_keypair,
|
||||||
|
],
|
||||||
|
message.clone(),
|
||||||
|
bank.last_blockhash(),
|
||||||
|
);
|
||||||
|
let (result, inner_instructions) = process_transaction_and_record_inner(&bank, tx);
|
||||||
|
let invoked_programs: Vec<Pubkey> = inner_instructions[0]
|
||||||
|
.iter()
|
||||||
|
.map(|ix| message.account_keys[ix.program_id_index as usize].clone())
|
||||||
|
.collect();
|
||||||
|
assert_eq!(invoked_programs, vec![]);
|
||||||
|
assert_eq!(
|
||||||
|
result.unwrap_err(),
|
||||||
|
TransactionError::InstructionError(0, InstructionError::MaxSeedLengthExceeded)
|
||||||
|
);
|
||||||
|
|
||||||
// Check final state
|
// Check final state
|
||||||
|
|
||||||
assert_eq!(43, bank.get_balance(&derived_key1));
|
assert_eq!(43, bank.get_balance(&derived_key1));
|
||||||
|
|||||||
@ -923,9 +923,6 @@ impl<'a> SyscallInvokeSigned<'a> for SyscallInvokeSignedRust<'a> {
|
|||||||
signers_seeds_len,
|
signers_seeds_len,
|
||||||
self.loader_id,
|
self.loader_id,
|
||||||
)?;
|
)?;
|
||||||
if signers_seeds.len() > MAX_SEEDS {
|
|
||||||
return Err(SyscallError::BadSeeds(PubkeyError::MaxSeedLengthExceeded).into());
|
|
||||||
}
|
|
||||||
for signer_seeds in signers_seeds.iter() {
|
for signer_seeds in signers_seeds.iter() {
|
||||||
let untranslated_seeds = translate_slice::<&[u8]>(
|
let untranslated_seeds = translate_slice::<&[u8]>(
|
||||||
memory_mapping,
|
memory_mapping,
|
||||||
@ -933,6 +930,12 @@ impl<'a> SyscallInvokeSigned<'a> for SyscallInvokeSignedRust<'a> {
|
|||||||
signer_seeds.len() as u64,
|
signer_seeds.len() as u64,
|
||||||
self.loader_id,
|
self.loader_id,
|
||||||
)?;
|
)?;
|
||||||
|
if untranslated_seeds.len() > MAX_SEEDS {
|
||||||
|
return Err(SyscallError::InstructionError(
|
||||||
|
InstructionError::MaxSeedLengthExceeded,
|
||||||
|
)
|
||||||
|
.into());
|
||||||
|
}
|
||||||
let seeds = untranslated_seeds
|
let seeds = untranslated_seeds
|
||||||
.iter()
|
.iter()
|
||||||
.map(|untranslated_seed| {
|
.map(|untranslated_seed| {
|
||||||
@ -1175,9 +1178,6 @@ impl<'a> SyscallInvokeSigned<'a> for SyscallInvokeSignedC<'a> {
|
|||||||
signers_seeds_len,
|
signers_seeds_len,
|
||||||
self.loader_id,
|
self.loader_id,
|
||||||
)?;
|
)?;
|
||||||
if signers_seeds.len() > MAX_SEEDS {
|
|
||||||
return Err(SyscallError::BadSeeds(PubkeyError::MaxSeedLengthExceeded).into());
|
|
||||||
}
|
|
||||||
Ok(signers_seeds
|
Ok(signers_seeds
|
||||||
.iter()
|
.iter()
|
||||||
.map(|signer_seeds| {
|
.map(|signer_seeds| {
|
||||||
@ -1187,6 +1187,12 @@ impl<'a> SyscallInvokeSigned<'a> for SyscallInvokeSignedC<'a> {
|
|||||||
signer_seeds.len,
|
signer_seeds.len,
|
||||||
self.loader_id,
|
self.loader_id,
|
||||||
)?;
|
)?;
|
||||||
|
if seeds.len() > MAX_SEEDS {
|
||||||
|
return Err(SyscallError::InstructionError(
|
||||||
|
InstructionError::MaxSeedLengthExceeded,
|
||||||
|
)
|
||||||
|
.into());
|
||||||
|
}
|
||||||
let seeds_bytes = seeds
|
let seeds_bytes = seeds
|
||||||
.iter()
|
.iter()
|
||||||
.map(|seed| {
|
.map(|seed| {
|
||||||
|
|||||||
Reference in New Issue
Block a user