Track account writable deescalation (#14626)

2021-01-22 15:28:01 -08:00
parent cbb9ac19b9
commit 77572a7c53
14 changed files with 246 additions and 56 deletions
--- a/programs/bpf/rust/invoke/src/lib.rs
+++ b/programs/bpf/rust/invoke/src/lib.rs
@ -29,6 +29,7 @@ const TEST_INSTRUCTION_META_TOO_LARGE: u8 = 10;
 const TEST_RETURN_ERROR: u8 = 11;
 const TEST_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER: u8 = 12;
 const TEST_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: u8 = 13;
+const TEST_WRITE_DEESCALATION: u8 = 14;

 // const MINT_INDEX: usize = 0;
 const ARGUMENT_INDEX: usize = 1;
@ -331,6 +332,28 @@ fn process_instruction(
                    assert_eq!(data[i as usize], i);
                }
            }
+
+            msg!("Verify data write before cpi call with deescalated writable");
+            {
+                {
+                    let mut data = accounts[ARGUMENT_INDEX].try_borrow_mut_data()?;
+                    for i in 0..100 {
+                        data[i as usize] = 42;
+                    }
+                }
+
+                let invoked_instruction = create_instruction(
+                    *accounts[INVOKED_PROGRAM_INDEX].key,
+                    &[(accounts[ARGUMENT_INDEX].key, false, false)],
+                    vec![VERIFY_PRIVILEGE_DEESCALATION],
+                );
+                invoke(&invoked_instruction, accounts)?;
+
+                let data = accounts[ARGUMENT_INDEX].try_borrow_data()?;
+                for i in 0..100 {
+                    assert_eq!(data[i as usize], 42);
+                }
+            }
        }
        TEST_PRIVILEGE_ESCALATION_SIGNER => {
            msg!("Test privilege escalation signer");
@ -534,6 +557,15 @@ fn process_instruction(
            );
            invoke(&invoked_instruction, accounts)?;
        }
+        TEST_WRITE_DEESCALATION => {
+            msg!("Test writable deescalation");
+            let instruction = create_instruction(
+                *accounts[INVOKED_PROGRAM_INDEX].key,
+                &[(accounts[INVOKED_ARGUMENT_INDEX].key, false, false)],
+                vec![WRITE_ACCOUNT, 10],
+            );
+            let _ = invoke(&instruction, accounts);
+        }
        _ => panic!(),
    }

--- a/programs/bpf/rust/invoked/src/instruction.rs
+++ b/programs/bpf/rust/invoked/src/instruction.rs
@ -16,6 +16,7 @@ pub const RETURN_OK: u8 = 7;
 pub const VERIFY_PRIVILEGE_DEESCALATION: u8 = 8;
 pub const VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER: u8 = 9;
 pub const VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: u8 = 10;
+pub const WRITE_ACCOUNT: u8 = 11;

 pub fn create_instruction(
    program_id: Pubkey,
--- a/programs/bpf/rust/invoked/src/processor.rs
+++ b/programs/bpf/rust/invoked/src/processor.rs
@ -229,6 +229,12 @@ fn process_instruction(
                }
            }
        }
+        WRITE_ACCOUNT => {
+            msg!("write account");
+            for i in 0..instruction_data[1] {
+                accounts[0].data.borrow_mut()[i as usize] = instruction_data[1];
+            }
+        }
        _ => panic!(),
    }