From 3615209ce7207810322e9f428b30b668cf0bc388 Mon Sep 17 00:00:00 2001
From: Parth <desaiparth08@gmail.com>
Date: Tue, 19 Nov 2019 09:09:29 +0530
Subject: [PATCH] don't allow assignment to sysvar program (#7017)

automerge
---
 runtime/src/system_instruction_processor.rs | 31 ++++++++++++++++-----
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/runtime/src/system_instruction_processor.rs b/runtime/src/system_instruction_processor.rs
index b432590bc7..4f2ab82969 100644
--- a/runtime/src/system_instruction_processor.rs
+++ b/runtime/src/system_instruction_processor.rs
@@ -37,12 +37,6 @@ fn create_system_account(
         return Err(SystemError::AccountAlreadyInUse.into());
     }
 
-    // guard against sysvars being made
-    if sysvar::check_id(&program_id) {
-        debug!("CreateAccount: program id {} invalid", program_id);
-        return Err(SystemError::InvalidProgramId.into());
-    }
-
     if sysvar::is_sysvar_id(&to.unsigned_key()) {
         debug!("CreateAccount: account id {} invalid", program_id);
         return Err(SystemError::InvalidAccountId.into());
@@ -55,9 +49,10 @@ fn create_system_account(
         );
         return Err(SystemError::ResultWithNegativeLamports.into());
     }
+
+    assign_account_to_program(to, program_id)?;
     from.account.lamports -= lamports;
     to.account.lamports += lamports;
-    to.account.owner = *program_id;
     to.account.data = vec![0; space as usize];
     to.account.executable = false;
     Ok(())
@@ -72,6 +67,12 @@ fn assign_account_to_program(
         return Err(InstructionError::MissingRequiredSignature);
     }
 
+    // guard against sysvars being assigned
+    if sysvar::check_id(&program_id) {
+        debug!("Assign: program id {} invalid", program_id);
+        return Err(SystemError::InvalidProgramId.into());
+    }
+
     account.account.owner = *program_id;
     Ok(())
 }
@@ -409,6 +410,22 @@ mod tests {
         );
     }
 
+    #[test]
+    fn test_assign_account_to_sysvar() {
+        let new_program_owner = sysvar::id();
+
+        let from = Pubkey::new_rand();
+        let mut from_account = Account::new(100, 0, &system_program::id());
+
+        assert_eq!(
+            assign_account_to_program(
+                &mut KeyedAccount::new(&from, true, &mut from_account),
+                &new_program_owner,
+            ),
+            Err(SystemError::InvalidProgramId.into())
+        );
+    }
+
     #[test]
     fn test_process_bogus_instruction() {
         // Attempt to assign with no accounts