status-im
/
nimbus-eth2
mirror of https://github.com/status-im/nimbus-eth2.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

detect improper 0-length lists of variable-sized objects in SSZ reading (#928) 

* detect improper 0-length lists of variable-sized objects in SSZ reading
This commit is contained in:
tersec 2020-04-23 19:39:23 +00:00 committed by GitHub
parent 0079242457
commit 7bc18423fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
AllTests-mainnet.md
View File

@ -170,11 +170,12 @@ OK: 84/87 Fail: 3/87 Skip: 0/87
+ Iterators test OK + Iterators test OK
+ Peer lifetime test OK + Peer lifetime test OK
+ Safe/Clear test OK + Safe/Clear test OK
+ Score check test OK
+ addPeer() test OK + addPeer() test OK
+ addPeerNoWait() test OK + addPeerNoWait() test OK
+ deletePeer() test OK + deletePeer() test OK
``` ```
OK: 9/9 Fail: 0/9 Skip: 0/9 OK: 10/10 Fail: 0/10 Skip: 0/10
## SSZ dynamic navigator ## SSZ dynamic navigator
```diff ```diff
+ navigating fields OK + navigating fields OK
@ -229,4 +230,4 @@ OK: 4/4 Fail: 0/4 Skip: 0/4
OK: 8/8 Fail: 0/8 Skip: 0/8 OK: 8/8 Fail: 0/8 Skip: 0/8
---TOTAL--- ---TOTAL---
OK: 140/143 Fail: 3/143 Skip: 0/143 OK: 141/144 Fail: 3/144 Skip: 0/144

5
AllTests-minimal.md
View File

@ -197,11 +197,12 @@ OK: 84/87 Fail: 3/87 Skip: 0/87
+ Iterators test OK + Iterators test OK
+ Peer lifetime test OK + Peer lifetime test OK
+ Safe/Clear test OK + Safe/Clear test OK
+ Score check test OK
+ addPeer() test OK + addPeer() test OK
+ addPeerNoWait() test OK + addPeerNoWait() test OK
+ deletePeer() test OK + deletePeer() test OK
``` ```
OK: 9/9 Fail: 0/9 Skip: 0/9 OK: 10/10 Fail: 0/10 Skip: 0/10
## SSZ dynamic navigator ## SSZ dynamic navigator
```diff ```diff
+ navigating fields OK + navigating fields OK
@ -256,4 +257,4 @@ OK: 4/4 Fail: 0/4 Skip: 0/4
OK: 8/8 Fail: 0/8 Skip: 0/8 OK: 8/8 Fail: 0/8 Skip: 0/8
---TOTAL--- ---TOTAL---
OK: 155/158 Fail: 3/158 Skip: 0/158 OK: 156/159 Fail: 3/159 Skip: 0/159

2
README.md
View File

@ -71,7 +71,7 @@ yourAURmanager -S base-devel pcre-static
### MacOS ### MacOS
Assuming you use [Homebrew](https://brew.sh/) to manage packages Assuming you use [Homebrew](https://brew.sh/) to manage packages:
```sh ```sh
brew install pcre brew install pcre

7
beacon_chain/ssz/bytes_reader.nim
View File

@ -127,6 +127,13 @@ func readSszValue*(input: openarray[byte], T: type): T {.raisesssz.} =
trs "GOT OFFSET ", offset trs "GOT OFFSET ", offset
let resultLen = offset div offsetSize let resultLen = offset div offsetSize
trs "LEN ", resultLen trs "LEN ", resultLen
if resultLen == 0:
# If there are too many elements, other constraints detect problems
# (not monotonically increasing, past end of input, or last element
# not matching up with its nextOffset properly)
raise newException(MalformedSszError, "SSZ list incorrectly encoded of zero length")
result.setOutputSize resultLen result.setOutputSize resultLen
for i in 1 ..< resultLen: for i in 1 ..< resultLen:
let nextOffset = readOffset(i * offsetSize) let nextOffset = readOffset(i * offsetSize)

5
beacon_chain/state_transition.nim
View File

@ -13,17 +13,12 @@
# areas. The entry point is `state_transition` which is at the bottom of the file! # areas. The entry point is `state_transition` which is at the bottom of the file!
# #
# General notes about the code (TODO): # General notes about the code (TODO):
# * It's inefficient - we quadratically copy, allocate and iterate when there
# are faster options
# * Weird styling - the sections taken from the spec use python styling while # * Weird styling - the sections taken from the spec use python styling while
# the others use NEP-1 - helps grepping identifiers in spec # the others use NEP-1 - helps grepping identifiers in spec
# * We mix procedural and functional styles for no good reason, except that the # * We mix procedural and functional styles for no good reason, except that the
# spec does so also. # spec does so also.
# * There are likely lots of bugs.
# * For indices, we get a mix of uint64, ValidatorIndex and int - this is currently # * For indices, we get a mix of uint64, ValidatorIndex and int - this is currently
# swept under the rug with casts # swept under the rug with casts
# * The spec uses uint64 for data types, but functions in the spec often assume
# signed bigint semantics - under- and overflows ensue
# * Sane error handling is missing in most cases (yay, we'll get the chance to # * Sane error handling is missing in most cases (yay, we'll get the chance to
# debate exceptions again!) # debate exceptions again!)
# When updating the code, add TODO sections to mark where there are clear # When updating the code, add TODO sections to mark where there are clear