Fix Fuzz 5: off-by-1 in even modexp (#247)

2025-01-28 19:46:19 +00:00 · 2023-07-02 17:14:50 +02:00 · 2023-07-02 17:14:50 +02:00 · 72f36530ba
commit 72f36530ba
parent 151f284da6
4 changed files with 47 additions and 3 deletions
--- a/constantine.nimble
+++ b/constantine.nimble
@ -488,6 +488,7 @@ const testDesc: seq[tuple[path: string, useGMP: bool]] = @[

  # Protocols
  # ----------------------------------------------------------
+  ("tests/t_ethereum_evm_modexp.nim", false),
  ("tests/t_ethereum_evm_precompiles.nim", false),
  ("tests/t_ethereum_bls_signatures.nim", false),
  ("tests/t_ethereum_eip2333_bls12381_key_derivation.nim", false),
--- a/constantine/math_arbitrary_precision/arithmetic/bigints_views.nim
+++ b/constantine/math_arbitrary_precision/arithmetic/bigints_views.nim
@ -147,7 +147,7 @@ func powMod_vartime*(
  # -------------------------------------------------------------------

  if mBits-ctz == 1: # The modulus is a power of 2
-    r.powMod2k_vartime(a, exponent, k = uint mBits)
+    r.powMod2k_vartime(a, exponent, k = uint ctz)
    return

  # Even modulus: general case
--- a/constantine/platforms/primitives.nim
+++ b/constantine/platforms/primitives.nim
@ -102,8 +102,8 @@ func rawCopy*(
  ## Unlike the standard library, this cannot throw
  ## even a defect.
  debug:
-    doAssert 0 <= dStart and dStart+len <= dst.len.uint, "dStart: " & $dStart & ", dStart+len: " & $(dStart+len) & ", dst.len: " & $dst.len
-    doAssert 0 <= sStart and sStart+len <= src.len.uint, "sStart: " & $sStart & ", sStart+len: " & $(sStart+len) & ", src.len: " & $src.len
+    doAssert 0 <= dStart and int(dStart+len) <= dst.len, "dStart: " & $dStart & ", dStart+len: " & $(dStart+len) & ", dst.len: " & $dst.len
+    doAssert 0 <= sStart and int(sStart+len) <= src.len, "sStart: " & $sStart & ", sStart+len: " & $(sStart+len) & ", src.len: " & $src.len

  {.push checks: off.} # No OverflowError or IndexError allowed
  for i in 0 ..< len:
--- a/tests/t_ethereum_evm_modexp.nim
+++ b/tests/t_ethereum_evm_modexp.nim
@ -0,0 +1,43 @@
+# Constantine
+# Copyright (c) 2018-2019    Status Research & Development GmbH
+# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
+# Licensed and distributed under either of
+#   * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
+#   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
+# at your option. This file may not be copied, modified, or distributed except according to those terms.
+
+import
+  ../constantine/ethereum_evm_precompiles,
+  std/unittest
+
+suite "EVM ModExp precompile (EIP-198)":
+  test "Audit #5 - Fuzz failure with even modulus":
+    let input = [
+
+        # Length of base (1)
+        uint8 0x00,
+              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+
+        # Length of exponent (1)
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+
+        # Length of modulus (1)
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+
+        # Base
+        0x06,
+
+        # Exponent
+        0x02,
+
+        # Modulus
+        0x04
+    ]
+
+    var r = newSeq[byte](1)
+    let status = r.eth_evm_modexp(input)
+    doAssert status == cttEVM_Success
+    doAssert r[0] == 0, ". Result was " & $r[0]