limit secp256k1 recover id (#23621)

2022-03-14 09:34:43 -07:00 · 2022-03-14 09:34:43 -07:00 · c369f8b871
parent 63bf0f66af
commit c369f8b871
2 changed files with 23 additions and 4 deletions
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@ -25,9 +25,9 @@ use {
            self, add_get_processed_sibling_instruction_syscall, blake3_syscall_enabled,
            check_physical_overlapping, disable_fees_sysvar, do_support_realloc,
            fixed_memcpy_nonoverlapping_check, libsecp256k1_0_5_upgrade_enabled,
-            prevent_calling_precompiles_as_programs, return_data_syscall_enabled,
-            secp256k1_recover_syscall_enabled, sol_log_data_syscall_enabled,
-            syscall_saturated_math, update_syscall_base_costs,
+            limit_secp256k1_recovery_id, prevent_calling_precompiles_as_programs,
+            return_data_syscall_enabled, secp256k1_recover_syscall_enabled,
+            sol_log_data_syscall_enabled, syscall_saturated_math, update_syscall_base_costs,
        },
        hash::{Hasher, HASH_BYTES},
        instruction::{
@ -1677,7 +1677,21 @@ impl<'a, 'b> SyscallObject<BpfError> for SyscallSecp256k1Recover<'a, 'b> {
                return;
            }
        };
-        let recovery_id = match libsecp256k1::RecoveryId::parse(recovery_id_val as u8) {
+        let adjusted_recover_id_val = if invoke_context
+            .feature_set
+            .is_active(&limit_secp256k1_recovery_id::id())
+        {
+            match recovery_id_val.try_into() {
+                Ok(adjusted_recover_id_val) => adjusted_recover_id_val,
+                Err(_) => {
+                    *result = Ok(Secp256k1RecoverError::InvalidRecoveryId.into());
+                    return;
+                }
+            }
+        } else {
+            recovery_id_val as u8
+        };
+        let recovery_id = match libsecp256k1::RecoveryId::parse(adjusted_recover_id_val) {
            Ok(id) => id,
            Err(_) => {
                *result = Ok(Secp256k1RecoverError::InvalidRecoveryId.into());
--- a/sdk/src/feature_set.rs
+++ b/sdk/src/feature_set.rs
@ -323,6 +323,10 @@ pub mod check_physical_overlapping {
    solana_sdk::declare_id!("nWBqjr3gpETbiaVj3CBJ3HFC5TMdnJDGt21hnvSTvVZ");
 }

+pub mod limit_secp256k1_recovery_id {
+    solana_sdk::declare_id!("7g9EUwj4j7CS21Yx1wvgWLjSZeh5aPq8x9kpoPwXM8n8");
+}
+
 lazy_static! {
    /// Map of feature identifiers to user-visible description
    pub static ref FEATURE_NAMES: HashMap<Pubkey, &'static str> = [
@ -398,6 +402,7 @@ lazy_static! {
        (record_instruction_in_transaction_context_push::id(), "move the CPI stack overflow check to the end of push"),
        (syscall_saturated_math::id(), "syscalls use saturated math"),
        (check_physical_overlapping::id(), "check physical overlapping regions"),
+        (limit_secp256k1_recovery_id::id(), "limit secp256k1 recovery id"),
        /*************** ADD NEW FEATURES HERE ***************/
    ]
    .iter()