Always bail if program modifies a ro account (#17569)
This commit is contained in:
@ -29,6 +29,7 @@ const TEST_INSTRUCTION_META_TOO_LARGE: u8 = 10;
|
||||
const TEST_RETURN_ERROR: u8 = 11;
|
||||
const TEST_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER: u8 = 12;
|
||||
const TEST_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: u8 = 13;
|
||||
const TEST_WRITABLE_DEESCALATION_WRITABLE: u8 = 14;
|
||||
|
||||
// const MINT_INDEX: usize = 0;
|
||||
const ARGUMENT_INDEX: usize = 1;
|
||||
@ -354,27 +355,6 @@ fn process_instruction(
|
||||
}
|
||||
}
|
||||
|
||||
msg!("Test writable deescalation");
|
||||
{
|
||||
const NUM_BYTES: usize = 10;
|
||||
let mut buffer = [0; NUM_BYTES];
|
||||
buffer.copy_from_slice(
|
||||
&accounts[INVOKED_ARGUMENT_INDEX].data.borrow_mut()[..NUM_BYTES],
|
||||
);
|
||||
|
||||
let instruction = create_instruction(
|
||||
*accounts[INVOKED_PROGRAM_INDEX].key,
|
||||
&[(accounts[INVOKED_ARGUMENT_INDEX].key, false, false)],
|
||||
vec![WRITE_ACCOUNT, NUM_BYTES as u8],
|
||||
);
|
||||
let _ = invoke(&instruction, accounts);
|
||||
|
||||
assert_eq!(
|
||||
buffer,
|
||||
accounts[INVOKED_ARGUMENT_INDEX].data.borrow_mut()[..NUM_BYTES]
|
||||
);
|
||||
}
|
||||
|
||||
msg!("Create account and init data");
|
||||
{
|
||||
let from_lamports = accounts[FROM_INDEX].lamports();
|
||||
@ -603,6 +583,25 @@ fn process_instruction(
|
||||
);
|
||||
invoke(&invoked_instruction, accounts)?;
|
||||
}
|
||||
TEST_WRITABLE_DEESCALATION_WRITABLE => {
|
||||
msg!("Test writable deescalation writable");
|
||||
const NUM_BYTES: usize = 10;
|
||||
let mut buffer = [0; NUM_BYTES];
|
||||
buffer
|
||||
.copy_from_slice(&accounts[INVOKED_ARGUMENT_INDEX].data.borrow_mut()[..NUM_BYTES]);
|
||||
|
||||
let instruction = create_instruction(
|
||||
*accounts[INVOKED_PROGRAM_INDEX].key,
|
||||
&[(accounts[INVOKED_ARGUMENT_INDEX].key, false, false)],
|
||||
vec![WRITE_ACCOUNT, NUM_BYTES as u8],
|
||||
);
|
||||
let _ = invoke(&instruction, accounts);
|
||||
|
||||
assert_eq!(
|
||||
buffer,
|
||||
accounts[INVOKED_ARGUMENT_INDEX].data.borrow_mut()[..NUM_BYTES]
|
||||
);
|
||||
}
|
||||
_ => panic!(),
|
||||
}
|
||||
|
||||
|
19
programs/bpf/rust/ro_account_modify/Cargo.toml
Normal file
19
programs/bpf/rust/ro_account_modify/Cargo.toml
Normal file
@ -0,0 +1,19 @@
|
||||
[package]
|
||||
name = "solana-bpf-rust-ro-account_modify"
|
||||
version = "1.8.0"
|
||||
description = "Solana BPF test program written in Rust"
|
||||
authors = ["Solana Maintainers <maintainers@solana.foundation>"]
|
||||
repository = "https://github.com/solana-labs/solana"
|
||||
license = "Apache-2.0"
|
||||
homepage = "https://solana.com/"
|
||||
documentation = "https://docs.rs/solana-bpf-rust-ro-modify"
|
||||
edition = "2018"
|
||||
|
||||
[dependencies]
|
||||
solana-program = { path = "../../../../sdk/program", version = "=1.8.0" }
|
||||
|
||||
[lib]
|
||||
crate-type = ["cdylib"]
|
||||
|
||||
[package.metadata.docs.rs]
|
||||
targets = ["x86_64-unknown-linux-gnu"]
|
70
programs/bpf/rust/ro_account_modify/src/lib.rs
Normal file
70
programs/bpf/rust/ro_account_modify/src/lib.rs
Normal file
@ -0,0 +1,70 @@
|
||||
use solana_program::{
|
||||
account_info::AccountInfo,
|
||||
entrypoint,
|
||||
entrypoint::ProgramResult,
|
||||
instruction::{AccountMeta, Instruction},
|
||||
msg,
|
||||
program::invoke,
|
||||
pubkey::Pubkey,
|
||||
};
|
||||
|
||||
const ARGUMENT_INDEX: usize = 0;
|
||||
|
||||
const INSTRUCTION_MODIFY: u8 = 0;
|
||||
const INSTRUCTION_INVOKE_MODIFY: u8 = 1;
|
||||
const INSTRUCTION_MODIFY_INVOKE: u8 = 2;
|
||||
const INSTRUCTION_VERIFY_MODIFIED: u8 = 3;
|
||||
|
||||
entrypoint!(process_instruction);
|
||||
fn process_instruction(
|
||||
program_id: &Pubkey,
|
||||
accounts: &[AccountInfo],
|
||||
instruction_data: &[u8],
|
||||
) -> ProgramResult {
|
||||
assert!(!accounts[ARGUMENT_INDEX].is_writable);
|
||||
|
||||
match instruction_data[0] {
|
||||
INSTRUCTION_MODIFY => {
|
||||
msg!("modify ro account");
|
||||
assert_eq!(0, accounts[ARGUMENT_INDEX].try_borrow_data()?[0]);
|
||||
accounts[ARGUMENT_INDEX].try_borrow_mut_data()?[0] = 1;
|
||||
}
|
||||
INSTRUCTION_INVOKE_MODIFY => {
|
||||
msg!("invoke and modify ro account");
|
||||
|
||||
assert_eq!(0, accounts[ARGUMENT_INDEX].try_borrow_data()?[0]);
|
||||
|
||||
let instruction = Instruction {
|
||||
program_id: *program_id,
|
||||
accounts: vec![AccountMeta::new_readonly(
|
||||
*accounts[ARGUMENT_INDEX].key,
|
||||
false,
|
||||
)],
|
||||
data: vec![INSTRUCTION_MODIFY],
|
||||
};
|
||||
invoke(&instruction, accounts)?;
|
||||
}
|
||||
INSTRUCTION_MODIFY_INVOKE => {
|
||||
msg!("modify and invoke ro account");
|
||||
|
||||
assert_eq!(0, accounts[ARGUMENT_INDEX].try_borrow_data()?[0]);
|
||||
accounts[ARGUMENT_INDEX].try_borrow_mut_data()?[0] = 1;
|
||||
|
||||
let instruction = Instruction {
|
||||
program_id: *program_id,
|
||||
accounts: vec![AccountMeta::new_readonly(
|
||||
*accounts[ARGUMENT_INDEX].key,
|
||||
false,
|
||||
)],
|
||||
data: vec![INSTRUCTION_VERIFY_MODIFIED],
|
||||
};
|
||||
invoke(&instruction, accounts)?;
|
||||
}
|
||||
INSTRUCTION_VERIFY_MODIFIED => {
|
||||
msg!("verify modified");
|
||||
assert_eq!(1, accounts[ARGUMENT_INDEX].try_borrow_data()?[0])
|
||||
}
|
||||
_ => panic!("Unknown instruction"),
|
||||
}
|
||||
Ok(())
|
||||
}
|
Reference in New Issue
Block a user