Fix blind keyed accounts indexing in Config program (#6369)
parent
ae41c88eb2
commit
f6255c2f9e
|
@ -5,6 +5,7 @@ use bincode::deserialize;
|
||||||
use log::*;
|
use log::*;
|
||||||
use solana_sdk::account::KeyedAccount;
|
use solana_sdk::account::KeyedAccount;
|
||||||
use solana_sdk::instruction::InstructionError;
|
use solana_sdk::instruction::InstructionError;
|
||||||
|
use solana_sdk::instruction_processor_utils::next_keyed_account;
|
||||||
use solana_sdk::pubkey::Pubkey;
|
use solana_sdk::pubkey::Pubkey;
|
||||||
|
|
||||||
pub fn process_instruction(
|
pub fn process_instruction(
|
||||||
|
@ -17,7 +18,10 @@ pub fn process_instruction(
|
||||||
InstructionError::InvalidInstructionData
|
InstructionError::InvalidInstructionData
|
||||||
})?;
|
})?;
|
||||||
|
|
||||||
let current_data: ConfigKeys = deserialize(&keyed_accounts[0].account.data).map_err(|err| {
|
let keyed_accounts_iter = &mut keyed_accounts.iter_mut();
|
||||||
|
let config_keyed_account = &mut next_keyed_account(keyed_accounts_iter)?;
|
||||||
|
let current_data: ConfigKeys =
|
||||||
|
deserialize(&config_keyed_account.account.data).map_err(|err| {
|
||||||
error!("Invalid data in account[0]: {:?} {:?}", data, err);
|
error!("Invalid data in account[0]: {:?} {:?}", data, err);
|
||||||
InstructionError::InvalidAccountData
|
InstructionError::InvalidAccountData
|
||||||
})?;
|
})?;
|
||||||
|
@ -31,23 +35,17 @@ pub fn process_instruction(
|
||||||
if current_signer_keys.is_empty() {
|
if current_signer_keys.is_empty() {
|
||||||
// Config account keypair must be a signer on account initilization,
|
// Config account keypair must be a signer on account initilization,
|
||||||
// or when no signers specified in Config data
|
// or when no signers specified in Config data
|
||||||
if keyed_accounts[0].signer_key().is_none() {
|
if config_keyed_account.signer_key().is_none() {
|
||||||
error!("account[0].signer_key().is_none()");
|
error!("account[0].signer_key().is_none()");
|
||||||
return Err(InstructionError::MissingRequiredSignature);
|
return Err(InstructionError::MissingRequiredSignature);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut counter = 0;
|
let mut counter = 0;
|
||||||
for (i, (signer, _)) in key_list
|
for (signer, _) in key_list.keys.iter().filter(|(_, is_signer)| *is_signer) {
|
||||||
.keys
|
|
||||||
.iter()
|
|
||||||
.filter(|(_, is_signer)| *is_signer)
|
|
||||||
.enumerate()
|
|
||||||
{
|
|
||||||
counter += 1;
|
counter += 1;
|
||||||
if signer != keyed_accounts[0].unsigned_key() {
|
if signer != config_keyed_account.unsigned_key() {
|
||||||
let account_index = i + 1;
|
let signer_account = keyed_accounts_iter.next();
|
||||||
let signer_account = keyed_accounts.get(account_index);
|
|
||||||
if signer_account.is_none() {
|
if signer_account.is_none() {
|
||||||
error!("account {:?} is not in account list", signer);
|
error!("account {:?} is not in account list", signer);
|
||||||
return Err(InstructionError::MissingRequiredSignature);
|
return Err(InstructionError::MissingRequiredSignature);
|
||||||
|
@ -60,7 +58,7 @@ pub fn process_instruction(
|
||||||
if signer_key.unwrap() != signer {
|
if signer_key.unwrap() != signer {
|
||||||
error!(
|
error!(
|
||||||
"account[{:?}].signer_key() does not match Config data)",
|
"account[{:?}].signer_key() does not match Config data)",
|
||||||
account_index
|
counter + 1
|
||||||
);
|
);
|
||||||
return Err(InstructionError::MissingRequiredSignature);
|
return Err(InstructionError::MissingRequiredSignature);
|
||||||
}
|
}
|
||||||
|
@ -74,7 +72,7 @@ pub fn process_instruction(
|
||||||
error!("account {:?} is not in stored signer list", signer);
|
error!("account {:?} is not in stored signer list", signer);
|
||||||
return Err(InstructionError::MissingRequiredSignature);
|
return Err(InstructionError::MissingRequiredSignature);
|
||||||
}
|
}
|
||||||
} else if keyed_accounts[0].signer_key().is_none() {
|
} else if config_keyed_account.signer_key().is_none() {
|
||||||
error!("account[0].signer_key().is_none()");
|
error!("account[0].signer_key().is_none()");
|
||||||
return Err(InstructionError::MissingRequiredSignature);
|
return Err(InstructionError::MissingRequiredSignature);
|
||||||
}
|
}
|
||||||
|
@ -90,12 +88,12 @@ pub fn process_instruction(
|
||||||
return Err(InstructionError::MissingRequiredSignature);
|
return Err(InstructionError::MissingRequiredSignature);
|
||||||
}
|
}
|
||||||
|
|
||||||
if keyed_accounts[0].account.data.len() < data.len() {
|
if config_keyed_account.account.data.len() < data.len() {
|
||||||
error!("instruction data too large");
|
error!("instruction data too large");
|
||||||
return Err(InstructionError::InvalidInstructionData);
|
return Err(InstructionError::InvalidInstructionData);
|
||||||
}
|
}
|
||||||
|
|
||||||
keyed_accounts[0].account.data[0..data.len()].copy_from_slice(&data);
|
config_keyed_account.account.data[0..data.len()].copy_from_slice(&data);
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
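Review bot: The index logged as `counter + 1` in the signer-mismatch `error!` no longer names the account that failed the check. `counter` is incremented at the top of every loop pass and also counts the config account's own key, so for the first extra signer the message reports account[2] where the old `account_index` reported 1, and it drifts further when the config key appears in the signer list. These messages are what an operator reads when a transaction is rejected for a missing signature, so consider tracking the consumed position separately: `let mut account_index = 0;` before the loop, `account_index += 1;` next to `keyed_accounts_iter.next()`, and logging `account_index`. The lines between the `is_none()` check and the `signer_key.unwrap()` comparison fall outside the visible hunks, so this assumes `counter` is not adjusted there.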
|
@ -10,10 +10,12 @@ use solana_runtime::{bank::Bank, bank_client::BankClient};
|
||||||
use solana_sdk::{
|
use solana_sdk::{
|
||||||
client::SyncClient,
|
client::SyncClient,
|
||||||
genesis_block::create_genesis_block,
|
genesis_block::create_genesis_block,
|
||||||
|
instruction::InstructionError,
|
||||||
message::Message,
|
message::Message,
|
||||||
pubkey::Pubkey,
|
pubkey::Pubkey,
|
||||||
signature::{Keypair, KeypairUtil},
|
signature::{Keypair, KeypairUtil},
|
||||||
system_instruction,
|
system_instruction,
|
||||||
|
transaction::TransactionError,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Serialize, Deserialize, Debug, PartialEq)]
|
#[derive(Serialize, Deserialize, Debug, PartialEq)]
|
||||||
|
@ -364,3 +366,26 @@ fn test_config_updates_requiring_config() {
|
||||||
.send_message(&[&mint_keypair, &config_keypair], message)
|
.send_message(&[&mint_keypair, &config_keypair], message)
|
||||||
.unwrap_err();
|
.unwrap_err();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_config_initialize_no_panic() {
|
||||||
|
let (bank, alice_keypair) = create_bank(3);
|
||||||
|
let bank_client = BankClient::new(bank);
|
||||||
|
|
||||||
|
let mut instructions = config_instruction::create_account::<MyConfig>(
|
||||||
|
&alice_keypair.pubkey(),
|
||||||
|
&Pubkey::new_rand(),
|
||||||
|
1,
|
||||||
|
vec![],
|
||||||
|
);
|
||||||
|
instructions[1].accounts = vec![]; // <!-- Attack! Prevent accounts from being passed into processor.
|
||||||
|
|
||||||
|
let message = Message::new(instructions);
|
||||||
|
assert_eq!(
|
||||||
|
bank_client
|
||||||
|
.send_message(&[&alice_keypair], message)
|
||||||
|
.unwrap_err()
|
||||||
|
.unwrap(),
|
||||||
|
TransactionError::InstructionError(1, InstructionError::NotEnoughAccountKeys)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
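Review bot: The new test only pins the empty-account-list case for the initialize instruction, so the other bounds path this commit changes, `keyed_accounts_iter.next()` returning `None` for a signer named in the config data, has no regression test in this section. Unless an existing test outside the visible hunks already covers it, a companion case that stores keys with one required signer left out of the instruction's accounts and asserts `InstructionError::MissingRequiredSignature` would close that gap. The inline comment would read more clearly as `// Strip every account so the processor receives an empty keyed-account list.`, and the chained `.unwrap_err().unwrap()` deserves a short comment saying what each layer unwraps.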