gaspersic/solana
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Track account writable deescalation (#14626)

Browse Source
This commit is contained in:
Jack May
2021-01-22 15:28:01 -08:00
committed by GitHub
parent cbb9ac19b9
commit 77572a7c53
14 changed files with 246 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
programs/bpf/c/src/invoke/invoke.c
View File

@ -17,6 +17,7 @@ static const uint8_t TEST_INSTRUCTION_META_TOO_LARGE = 10;
static const uint8_t TEST_RETURN_ERROR = 11;
static const uint8_t TEST_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER = 12;
static const uint8_t TEST_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE = 13;
static const uint8_t TEST_WRITE_DEESCALATION = 14;
static const int MINT_INDEX = 0;
static const int ARGUMENT_INDEX = 1;
@ -251,6 +252,26 @@ extern uint64_t entrypoint(const uint8_t *input) {
for (int i = 0; i < accounts[INVOKED_ARGUMENT_INDEX].data_len; i++) {
sol_assert(accounts[INVOKED_ARGUMENT_INDEX].data[i] == i);
}
sol_log("Verify data write before ro cpi call");
{
for (int i = 0; i < accounts[ARGUMENT_INDEX].data_len; i++) {
accounts[ARGUMENT_INDEX].data[i] = 0;
}
SolAccountMeta arguments[] = {
{accounts[ARGUMENT_INDEX].key, false, false}};
uint8_t data[] = {VERIFY_PRIVILEGE_DEESCALATION};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
for (int i = 0; i < accounts[ARGUMENT_INDEX].data_len; i++) {
sol_assert(accounts[ARGUMENT_INDEX].data[i] == 0);
}
}
break;
}
case TEST_PRIVILEGE_ESCALATION_SIGNER: {
@ -443,7 +464,8 @@ extern uint64_t entrypoint(const uint8_t *input) {
break;
}
case TEST_RETURN_ERROR: {
SolAccountMeta arguments[] = {{accounts[ARGUMENT_INDEX].key, true, true}};
sol_log("Test return error");
SolAccountMeta arguments[] = {{accounts[ARGUMENT_INDEX].key, false, true}};
uint8_t data[] = {RETURN_ERROR};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
@ -484,6 +506,18 @@ extern uint64_t entrypoint(const uint8_t *input) {
break;
}
case TEST_WRITE_DEESCALATION: {
sol_log("Test writable deescalation");
SolAccountMeta arguments[] = {
{accounts[INVOKED_ARGUMENT_INDEX].key, false, false}};
uint8_t data[] = {WRITE_ACCOUNT, 10};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts));
break;
}
default:
sol_panic();
}

1
programs/bpf/c/src/invoked/instruction.h
View File

@ -15,3 +15,4 @@ const uint8_t RETURN_OK = 7;
const uint8_t VERIFY_PRIVILEGE_DEESCALATION = 8;
const uint8_t VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER = 9;
const uint8_t VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE = 10;
const uint8_t WRITE_ACCOUNT = 11;

14
programs/bpf/c/src/invoked/invoked.c
View File

@ -158,6 +158,7 @@ extern uint64_t entrypoint(const uint8_t *input) {
sol_assert(accounts[ARGUMENT_INDEX].is_writable);
break;
}
case VERIFY_PRIVILEGE_ESCALATION: {
sol_log("Should never get here!");
break;
@ -188,6 +189,7 @@ extern uint64_t entrypoint(const uint8_t *input) {
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
break;
}
case VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: {
sol_log("verify privilege deescalation escalation writable");
static const int INVOKED_PROGRAM_INDEX = 0;
@ -245,6 +247,18 @@ extern uint64_t entrypoint(const uint8_t *input) {
}
break;
}
case WRITE_ACCOUNT: {
sol_log("write account");
static const int INVOKED_ARGUMENT_INDEX = 0;
sol_assert(sol_deserialize(input, &params, 1));
for (int i = 0; i < params.data[1]; i++) {
accounts[INVOKED_ARGUMENT_INDEX].data[i] = params.data[1];
}
break;
}
default:
return ERROR_INVALID_INSTRUCTION_DATA;
}