From 41e3ccbded88b14d9c77ad08f3f8c6561746bbd0 Mon Sep 17 00:00:00 2001
From: bb-2 <43212522+bb-2@users.noreply.github.com>
Date: Thu, 7 May 2020 08:21:45 -0400
Subject: [PATCH 1/2] prevent runtime error in user.getKey by checking for nil shortID's in request args

---
 vms/platformvm/service.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/vms/platformvm/service.go b/vms/platformvm/service.go
index e2a9ffe..835ef36 100644
--- a/vms/platformvm/service.go
+++ b/vms/platformvm/service.go
@@ -34,6 +34,8 @@ var (
 errGetStakeSource = errors.New("couldn't get account specified in 'stakeSource'")
 errNoBlockchainWithAlias = errors.New("there is no blockchain with the specified alias")
 errDSCantValidate = errors.New("new blockchain can't be validated by default Subnet")
+ errNilSigner = errors.New("nil ShortID 'signer' is not valid")
+ errNilTo = errors.New("nil ShortID 'to' is not valid")
 )
 
 // Service defines the API calls that can be made to the platform chain
@@ -674,6 +676,10 @@ func (service *Service) Sign(_ *http.Request, args *SignArgs, reply *SignRespons
 }
 user := user{db: db}
 
+ if args.Signer.IsZero() {
+ return errNilSigner
+ }
+
 key, err := user.getKey(args.Signer) // Key of [args.Signer]
 if err != nil {
 return errDB
@@ -882,6 +888,10 @@ func (service *Service) ImportAVA(_ *http.Request, args *ImportAVAArgs, response
 }
 user := user{db: db}
 
+ if args.To.IsZero() {
+ return errNilTo
+ }
+
 kc := secp256k1fx.NewKeychain()
 key, err := user.getKey(args.To)
 if err != nil {

From d8a8617e3b569a162cc7d3909c6b111be5d7ee58 Mon Sep 17 00:00:00 2001
From: bb-2 <43212522+bb-2@users.noreply.github.com>
Date: Thu, 7 May 2020 11:21:26 -0400
Subject: [PATCH 2/2] move the argument validity checks to the top of the methods

---
 vms/platformvm/service.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/vms/platformvm/service.go b/vms/platformvm/service.go
index 835ef36..973c6cc 100644
--- a/vms/platformvm/service.go
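Review bot: The zero-`ShortID` guard added before `user.getKey(args.Signer)` in `Sign` protects only this call site, and the same check is repeated before `user.getKey(args.To)` in the `ImportAVA` hunk. `getKey` itself, whose body is outside this patch, presumably still hits the runtime error for any other caller that hands it a zero ID. Both values come from API request arguments, so a client can reach that crash; the check belongs inside `getKey` too, e.g. `if address.IsZero() { return nil, errNilAddress }`, where `address` and `errNilAddress` are placeholder names for its parameter and a new sentinel error. The per-handler checks can stay for their more specific messages. `Sign` and `ImportAVA` both start and end outside these hunks.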
+++ b/vms/platformvm/service.go
@@ -669,6 +669,10 @@ type SignResponse struct {
 func (service *Service) Sign(_ *http.Request, args *SignArgs, reply *SignResponse) error {
 service.vm.Ctx.Log.Debug("sign called")
 
+ if args.Signer.IsZero() {
+ return errNilSigner
+ }
+
 // Get the key of the Signer
 db, err := service.vm.Ctx.Keystore.GetDatabase(args.Username, args.Password)
 if err != nil {
@@ -676,10 +680,6 @@ func (service *Service) Sign(_ *http.Request, args *SignArgs, reply *SignRespons
 }
 user := user{db: db}
 
- if args.Signer.IsZero() {
- return errNilSigner
- }
-
 key, err := user.getKey(args.Signer) // Key of [args.Signer]
 if err != nil {
 return errDB
@@ -881,6 +881,10 @@ type ImportAVAArgs struct {
 func (service *Service) ImportAVA(_ *http.Request, args *ImportAVAArgs, response *SignResponse) error {
 service.vm.Ctx.Log.Debug("platform.ImportAVA called")
 
+ if args.To.IsZero() {
+ return errNilTo
+ }
+
 // Get the key of the Signer
 db, err := service.vm.Ctx.Keystore.GetDatabase(args.Username, args.Password)
 if err != nil {
@@ -888,10 +892,6 @@ func (service *Service) ImportAVA(_ *http.Request, args *ImportAVAArgs, response
 }
 user := user{db: db}
 
- if args.To.IsZero() {
- return errNilTo
- }
-
 kc := secp256k1fx.NewKeychain()
 key, err := user.getKey(args.To)
 if err != nil {
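Review bot: The guard now at the top of `Sign` has no comment explaining why it exists, and `IsZero()` alone does not tell a reader that it prevents a crash rather than enforcing a business rule. I would add `// A zero Signer makes user.getKey fail at runtime; reject it before opening the keystore.` above it, with the equivalent wording for `args.To` in the `ImportAVA` hunk. The existing context comment `// Get the key of the Signer` in `ImportAVA` now sits directly below the `To` check and looks copied from `Sign`; it is outside this change but worth correcting in the same pass. Both function bodies continue past the hunks.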