Limit CPI from calling loader or native programs (#14252) (#14319)

(cherry picked from commit 0b479ab180)

Co-authored-by: Jack May <jack@solana.com>
mergify[bot]
2020-12-30 06:39:22 +00:00
committed by GitHub
parent fb4204b135
commit 7eb5db98cf
2 changed files with 15 additions and 1 deletions


@ -1243,6 +1243,7 @@ fn test_program_bpf_test_use_latest_executor() {
.is_ok());
}
#[ignore] // Invoking BPF loaders from CPI not allowed
#[cfg(feature = "bpf_rust")]
#[test]
fn test_program_bpf_test_use_latest_executor2() {
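Review bot: Marking `test_program_bpf_test_use_latest_executor2` as `#[ignore]` leaves the new restriction without any visible test: the commit disables the test that invoked a BPF loader through CPI but adds nothing that asserts the call is now rejected. A negative test would keep the rule from regressing silently; until one exists, the attribute could carry a pointer, e.g. `#[ignore] // Invoking BPF loaders from CPI not allowed; TODO: assert the CPI fails with UnsupportedProgramId`. The test body lies outside this hunk, so whether it can be converted in place rather than replaced is not visible here.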


@ -12,7 +12,7 @@ use solana_sdk::{
account::Account,
account_info::AccountInfo,
account_utils::StateMut,
bpf_loader_deprecated,
bpf_loader, bpf_loader_deprecated,
bpf_loader_upgradeable::{self, UpgradeableLoaderState},
entrypoint::{MAX_PERMITTED_DATA_INCREASE, SUCCESS},
feature_set::{
@ -23,6 +23,7 @@ use solana_sdk::{
instruction::{AccountMeta, Instruction, InstructionError},
keyed_account::KeyedAccount,
message::Message,
native_loader,
process_instruction::{stable_log, ComputeMeter, InvokeContext, Logger},
program_error::ProgramError,
pubkey::{Pubkey, PubkeyError, MAX_SEEDS},
@ -1160,6 +1161,17 @@ impl<'a> SyscallObject<BPFError> for SyscallInvokeSignedC<'a> {
}
}
fn is_authorized_program(program_id: &Pubkey) -> Result<(), EbpfError<BPFError>> {
if native_loader::check_id(program_id)
|| bpf_loader::check_id(program_id)
|| bpf_loader_deprecated::check_id(program_id)
|| bpf_loader_upgradeable::check_id(program_id)
{
return Err(SyscallError::InstructionError(InstructionError::UnsupportedProgramId).into());
}
Ok(())
}
/// Call process instruction, common to both Rust and C
fn call<'a>(
syscall: &mut dyn SyscallInvokeSigned<'a>,
@ -1195,6 +1207,7 @@ fn call<'a>(
let (message, callee_program_id) =
MessageProcessor::create_message(&instruction, &keyed_account_refs, &signers)
.map_err(SyscallError::InstructionError)?;
is_authorized_program(&callee_program_id)?;
let (accounts, account_refs) = syscall.translate_accounts(
&message,
account_infos_addr,
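Review bot: `is_authorized_program` is a hard-coded deny-list of four ids with no doc comment, and its name reads like a boolean predicate although it returns `Result<(), EbpfError<BPFError>>`. Nothing in the hunk ties the list to the set of loaders, so a loader id added later would stay callable through CPI until someone remembers to extend this function. I would rename it to `check_authorized_program` and document the contract, e.g. `/// Rejects CPI into the native loader or any BPF loader; extend this list whenever a new loader id is introduced.` The call in `call` is also unconditional while the file imports from `feature_set`; if this path affects transaction results across validators running different versions, confirm that gating is not needed. `call`'s body continues outside the hunk.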