Cap CPI signers (#14021)

2020-12-09 02:14:53 -08:00
parent e1872a450a
commit e1a4251b07
5 changed files with 147 additions and 36 deletions
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@ -37,6 +37,9 @@ use std::{
 };
 use thiserror::Error as ThisError;

+/// Maximum signers
+pub const MAX_SIGNERS: usize = 16;
+
 /// Error definitions
 #[derive(Debug, ThisError, PartialEq)]
 pub enum SyscallError {
@ -60,6 +63,8 @@ pub enum SyscallError {
    PrivilegeEscalation,
    #[error("Unaligned pointer")]
    UnalignedPointer,
+    #[error("Too many signers")]
+    TooManySigners,
 }
 impl From<SyscallError> for EbpfError<BPFError> {
    fn from(error: SyscallError) -> Self {
@ -923,6 +928,9 @@ impl<'a> SyscallInvokeSigned<'a> for SyscallInvokeSignedRust<'a> {
                signers_seeds_len,
                self.loader_id,
            )?;
+            if signers_seeds.len() > MAX_SIGNERS {
+                return Err(SyscallError::TooManySigners.into());
+            }
            for signer_seeds in signers_seeds.iter() {
                let untranslated_seeds = translate_slice::<&[u8]>(
                    memory_mapping,
@ -1178,6 +1186,9 @@ impl<'a> SyscallInvokeSigned<'a> for SyscallInvokeSignedC<'a> {
                signers_seeds_len,
                self.loader_id,
            )?;
+            if signers_seeds.len() > MAX_SIGNERS {
+                return Err(SyscallError::TooManySigners.into());
+            }
            Ok(signers_seeds
                .iter()
                .map(|signer_seeds| {