Input values are not sanitized after they are deserialized, making it far too easy for Leo to earn SOL (#9706)

* sanitize gossip protocol messages * sanitize transactions * crds protocol sanitize
2020-04-27 11:06:00 -07:00
parent c372a39dd3
commit 8ef097bf6f
13 changed files with 333 additions and 31 deletions
--- a/sdk/src/sanitize.rs
+++ b/sdk/src/sanitize.rs
@@ -0,0 +1,21 @@
+#[derive(PartialEq, Debug)]
+pub enum SanitizeError {
+    Failed,
+    IndexOutOfBounds,
+    ValueOutOfRange,
+}
+
+pub trait Sanitize {
+    fn sanitize(&self) -> Result<(), SanitizeError> {
+        Ok(())
+    }
+}
+
+impl<T: Sanitize> Sanitize for Vec<T> {
+    fn sanitize(&self) -> Result<(), SanitizeError> {
+        for x in self.iter() {
+            x.sanitize()?;
+        }
+        Ok(())
+    }
+}