check program owners (#15495)

* check program owners * BankSlotDelta should change because InstructionError variant added Co-authored-by: Tyera Eulberg <tyera@solana.com>
2021-02-26 14:21:34 -08:00
parent d47f1fae40
commit 8399851d11
10 changed files with 118 additions and 18 deletions
--- a/programs/config/src/config_processor.rs
+++ b/programs/config/src/config_processor.rs
@@ -3,7 +3,7 @@
 use crate::ConfigKeys;
 use bincode::deserialize;
 use solana_sdk::{
-    ic_msg,
+    feature_set, ic_msg,
    instruction::InstructionError,
    keyed_account::{next_keyed_account, KeyedAccount},
    process_instruction::InvokeContext,
@@ -20,8 +20,15 @@ pub fn process_instruction(
    let key_list: ConfigKeys = limited_deserialize(data)?;
    let keyed_accounts_iter = &mut keyed_accounts.iter();
    let config_keyed_account = &mut next_keyed_account(keyed_accounts_iter)?;
+
    let current_data: ConfigKeys = {
        let config_account = config_keyed_account.try_account_ref_mut()?;
+        if invoke_context.is_feature_active(&feature_set::check_program_owner::id())
+            && config_account.owner != crate::id()
+        {
+            return Err(InstructionError::InvalidAccountOwner);
+        }
+
        deserialize(&config_account.data).map_err(|err| {
            ic_msg!(
                invoke_context,
@@ -174,6 +181,7 @@ mod tests {
        };
        let config_account = RefCell::new(Account {
            data: vec![0; space as usize],
+            owner: id(),
            ..Account::default()
        });
        let accounts = vec![(&config_pubkey, true, &config_account)];
@@ -326,7 +334,10 @@ mod tests {
        let my_config = MyConfig::new(42);

        let instruction = config_instruction::store(&config_pubkey, false, keys, &my_config);
-        let signer0_account = RefCell::new(Account::default());
+        let signer0_account = RefCell::new(Account {
+            owner: id(),
+            ..Account::default()
+        });
        let accounts = vec![(&signer0_pubkey, true, &signer0_account)];
        let keyed_accounts = create_keyed_is_signer_accounts(&accounts);
        assert_eq!(
@@ -588,4 +599,35 @@ mod tests {
            Err(InstructionError::NotEnoughAccountKeys)
        );
    }
+
+    #[test]
+    fn test_config_bad_owner() {
+        let from_pubkey = solana_sdk::pubkey::new_rand();
+        let config_pubkey = solana_sdk::pubkey::new_rand();
+        let new_config = MyConfig::new(84);
+        let signer0_pubkey = solana_sdk::pubkey::new_rand();
+        let signer0_account = RefCell::new(Account::default());
+        let config_account = RefCell::new(Account::default());
+        let keys = vec![
+            (from_pubkey, false),
+            (signer0_pubkey, true),
+            (config_pubkey, true),
+        ];
+
+        let instruction = config_instruction::store(&config_pubkey, true, keys, &new_config);
+        let accounts = vec![
+            (&config_pubkey, true, &config_account),
+            (&signer0_pubkey, true, &signer0_account),
+        ];
+        let keyed_accounts = create_keyed_is_signer_accounts(&accounts);
+        assert_eq!(
+            process_instruction(
+                &id(),
+                &keyed_accounts,
+                &instruction.data,
+                &mut MockInvokeContext::default()
+            ),
+            Err(InstructionError::InvalidAccountOwner)
+        );
+    }
 }