common: NewBitArray never crashes on negatives (#170)

Fixes #169 Fixes https://github.com/tendermint/tendermint/issues/1322 The previous code was very trusting assuming that rational actors will use this code. However, Byzantine actors don't care and in the case of the linked issue negative lengths can be sent to this code unfettered having been received from a peer. This code is essentially just a sign change from `==` to `<=` and we've gutted out that attack by being more defensive.
2018-03-18 04:17:11 -07:00 · 2018-03-18 04:17:11 -07:00 · 97bdad8262
parent 26f2ab65f8
commit 97bdad8262
2 changed files with 8 additions and 1 deletions
--- a/common/bit_array.go
+++ b/common/bit_array.go
@ -15,7 +15,7 @@ type BitArray struct {

 // There is no BitArray whose Size is 0.  Use nil instead.
 func NewBitArray(bits int) *BitArray {
-	if bits == 0 {
+	if bits <= 0 {
 		return nil
 	}
 	return &BitArray{
--- a/common/bit_array_test.go
+++ b/common/bit_array_test.go
@ -208,3 +208,10 @@ func TestUpdateNeverPanics(t *testing.T) {
 		b.Update(a)
 	}
 }
+
+func TestNewBitArrayNeverCrashesOnNegatives(t *testing.T) {
+	bitList := []int{-127, -128, -1<<31}
+	for _, bits := range bitList {
+		_ = NewBitArray(bits)
+	}
+}