[Fix]: integer overflow in JumpTable.SubStr #3496
Conversation
@shargon why isn't there a vm limit in this?
"0x0a", | ||
"0x00010203040506070809", | ||
"PUSHINT32", | ||
"0x7FFFFFFF", |
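Review bot: the only oversized operand in this case is `0x7FFFFFFF` (`int.MaxValue`) pushed on its own; add a second case where index and count are each within range but their sum exceeds `int.MaxValue`, since that wrap-around path is what the fix targets, and keep the int64 operand suggested in this thread as a third case so the boundary is pinned on both sides.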
I'd also add some tests for INT64, like:

```go
byte(opcode.PUSHINT64), 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F,
byte(opcode.PUSH2),
```

It'll fail (in NeoGo it's `at instruction 22 (SUBSTR): not an int32`), but just to make sure.
Rebase needed
I think we don't need a HF; previously it could be a DoS but not a difference in the execution. Isn't it? @roman-khimov
That's the question of "can we arrange a set of parameters that would fail with the new code, but succeed with the old one". This requires some probing. I'm not exactly sure if I'd include it into Echidna for safety reasons, but if we can prove it can't be exploited to change execution result then OK, it can go without a HF.
I agree. Don't need a HF
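The overflow under discussion, as an added example in C# that is not the neo-project code (the class and method names are hypothetical, and the 10-byte buffer plus the `int.MaxValue` count are constructed to mirror the test case quoted earlier in this thread): an unchecked `index + count` wraps negative and slips past a `> Length` comparison, so the slice constructor faults later instead of the range check rejecting the operands up front. The checked variant widens the sum to `long`; a `checked(index + count)` that throws `OverflowException` at the addition has the same protective effect, which is the behaviour the dotnet compiler option linked below turns on globally.

```csharp
using System;

// Added example, not neo-project code: the class and method names are hypothetical.
// Shows how an unchecked `index + count` range check on a buffer is bypassed by
// integer wrap-around, and how widening (or checking) the sum closes the gap.
public static class SubStrOverflowDemo
{
    // Pre-fix shape (hypothetical): `index + count` is computed in plain int arithmetic,
    // which C# leaves unchecked by default, so int.MaxValue + 1 wraps to int.MinValue
    // and the `> Length` comparison no longer rejects the range.
    public static string SubStrUnchecked(byte[] data, int index, int count)
    {
        if (index < 0 || count < 0) return "rejected: negative operand";
        int end = unchecked(index + count);          // may wrap to a negative value
        if (end > data.Length) return "rejected: range exceeds buffer";
        try
        {
            // The range check above passed, but the real slice is still out of bounds.
            var slice = new ReadOnlySpan<byte>(data, index, count);
            return $"ok: {slice.Length} bytes";
        }
        catch (ArgumentOutOfRangeException)
        {
            return "fault: ArgumentOutOfRangeException after the range check passed";
        }
    }

    // Fixed shape: widen the sum so two ints cannot overflow it. `checked(index + count)`
    // would instead throw OverflowException at the addition, which is equally safe;
    // pick whichever error the caller is supposed to observe.
    public static string SubStrChecked(byte[] data, int index, int count)
    {
        if (index < 0 || count < 0) return "rejected: negative operand";
        long end = (long)index + count;              // cannot wrap for int operands
        if (end > data.Length) return "rejected: range exceeds buffer";
        var slice = new ReadOnlySpan<byte>(data, index, count);
        return $"ok: {slice.Length} bytes";
    }

    public static void Main()
    {
        // Constructed input: a 10-byte buffer like the 0x00..0x09 one in the test above.
        byte[] data = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };

        Console.WriteLine(SubStrUnchecked(data, 2, 3));             // in range
        Console.WriteLine(SubStrUnchecked(data, 1, int.MaxValue));  // wraps past the check
        Console.WriteLine(SubStrChecked(data, 1, int.MaxValue));    // rejected up front
        Console.WriteLine(SubStrChecked(data, 8, 2));               // exact fit at the end
    }
}
```

Both variants end in an error for the wrapping input, which is exactly the question raised above: the fix changes where the script faults, not whether it faults, so the hardfork argument turns on whether any operand pair can succeed under the unchecked arithmetic and be rejected under the checked one.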
16a9c29 to 0457ccd (compare)
If it doesn't use HF it should go to master
It was merged with hardfork PRs, let's discuss it in the meeting.
This is already the default behavior in dotnet https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/language#checkforoverflowunderflow
my bad -- integral-type
/// <param name="instruction">The instruction being executed.</param> | ||
/// <remarks>Pop 3, Push 1</remarks> | ||
[MethodImpl(MethodImplOptions.AggressiveInlining)] | ||
private static void VulnerableSubStr(ExecutionEngine engine, Instruction instruction) |
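Review bot: `VulnerableSubStr` is presumably the pre-hardfork variant kept so that old blocks replay identically, but its XML doc says only `Pop 3, Push 1`; add a `<remarks>` sentence stating that it intentionally keeps the unchecked `index + count` arithmetic and is only dispatched from the jump table for pre-fork heights, so a later cleanup does not "fix" it and silently change historical execution.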
I think it's not required, but you think that it is, so here is the solution; the jump table allows it :)
@@ -399,13 +407,42 @@ internal override void UnloadContext(ExecutionContext context) | |||
/// <returns>The engine instance created.</returns> | |||
public static ApplicationEngine Create(TriggerType trigger, IVerifiable container, DataCache snapshot, Block persistingBlock = null, ProtocolSettings settings = null, long gas = TestModeGas, IDiagnostic diagnostic = null) | |||
{ | |||
var index = persistingBlock?.Index ?? NativeContract.Ledger.CurrentIndex(snapshot); |
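Review bot: `NativeContract.Ledger.CurrentIndex(snapshot)` is evaluated whenever `persistingBlock` is null, and `CurrentIndex` indexes `snapshot` directly, so `Create` now throws a `NullReferenceException` for any caller that passes a null snapshot (the `UT_NotifyEventArgs.TestIssue3300` failure reported below). Make the null-snapshot contract explicit at this call site rather than inside the native contract, for example `persistingBlock?.Index ?? (snapshot is null ? 0 : NativeContract.Ledger.CurrentIndex(snapshot))`, or update the test to supply a snapshot; either way, document which one `Create` guarantees.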
@shargon `Object reference not set to an instance of an object.` on test `Neo.UnitTests.SmartContract.UT_NotifyEventArgs.TestIssue3300`
Snapshot is null?
Could be `snapshot` or `GetInteroperable<HashIndexState>()`

neo/src/Neo/SmartContract/Native/LedgerContract.cs, lines 119 to 122 in eb96d14:

```csharp
public uint CurrentIndex(DataCache snapshot)
{
    return snapshot[CreateStorageKey(Prefix_CurrentBlock)].GetInteroperable<HashIndexState>().Index;
}
```
If it is snapshot we can return 0, otherwise we should fix the test
Would this work for `CurrentIndex`?

```csharp
snapshot?[CreateStorageKey(Prefix_CurrentBlock)]?.GetInteroperable<HashIndexState>()?.Index ?? 0;
```
We should not change the logic in native contracts for this
* add hardofork HF_Echidna
* Add entries to `Designation` event (#3397)
* Add entries to Designation event
* Change to HF_Echidna
* Add UT
* Add count
* [Neo Core StdLib] Add Base64url (#3453)
* add base64url
* active in
* update placehold hf height
* fix hf issue and move methods to proper place.
* fix test
* use identifymodel instead.
* format
* Fixed typo
* Added back #3397
* Fixed tests
* fixed global.json
* Update src/Neo/Neo.csproj
* Update src/Neo/Neo.csproj
* [`Fix`]: integer overflow in `JumpTable.SubStr` (#3496)
* fix: int overflow in SubStr
* fix: int overflow in SubStr
* format
* Versioning change
* Clean
* Rename
* Show change
* Space
* remove duplicated lines in gitignroe

  Co-authored-by: Jimmy <[email protected]>
  Co-authored-by: Shargon <[email protected]>
* Fix NEO callstates (#3599)
* Allow callstates to use HF
* Rename to method
* Other rename
* Change the way
* Reduce changes
* Reduce changes
* Adapt name always
* Avoid string when only is lower the first char
* UT
* Test all
* Update src/Neo/ProtocolSettings.cs (Co-authored-by: Christopher Schuchardt <[email protected]>)
* Update src/Neo/ProtocolSettings.cs (Co-authored-by: Christopher Schuchardt <[email protected]>)
* Reuse Load from stream
* Unify
* Fix default logic
* Change ContractMethod to allowMultiple
* Use LowerInvariant
* Move CheckingHardfork
* Remove optional arg
* Fix build
* Avoid file not found error

  Co-authored-by: Christopher Schuchardt <[email protected]>
* fix tests error (#3636)
* fux build error
* Update src/Neo/SmartContract/ApplicationEngine.cs

  Co-authored-by: Shargon <[email protected]>
* NeoToken: accept candidate registration via onNEP17Payment (#3597)

  Solves two problems:
  * inability to estimate GAS needed for registerCandidate in a regular way because of its very high fee (more than what normal RPC servers allow)
  * inability to have MaxBlockSystemFee lower than the registration price which is very high on its own (more than practically possible to execute)

  Fixes #3552.

  Signed-off-by: Roman Khimov <[email protected]>
* specify the argument exception information.
* Fix Ut (#3635)
* NeoToken: add NEP-27 to supported standards list starting from Echidna (#3643)

  #3597 introduces `onNEP17Payment` handler to native NeoToke contract starting from Echidna hardfork. We need to update the list of supported standards respectively.

  Signed-off-by: Anna Shaleva <[email protected]>
* ut: fix HF_Echidna unit tests (#3646)
* Fix UT
* Update src/Neo/ProtocolSettings.cs (Co-authored-by: nan01ab <[email protected]>)
* Update src/Neo/ProtocolSettings.cs (Co-authored-by: nan01ab <[email protected]>)
* Update src/Neo/ProtocolSettings.cs (Co-authored-by: Christopher Schuchardt <[email protected]>)

  Co-authored-by: Jimmy <[email protected]>
  Co-authored-by: nan01ab <[email protected]>
  Co-authored-by: Christopher Schuchardt <[email protected]>
* [Core Add] Add support to Ed25519 (#3507)
* fix unnecessary change
* Clean using

  Co-authored-by: Fernando Diaz Toledano <[email protected]>
* Fix `HF_Echidna` comments (#3679)
* Fix obsolete
* Fix https://github.com/neo-project/neo/pull/3454/files#r1912152270
* Fix comment
* Update RoleManagement.cs
* Unset HF_Echidna
* Revert getTransaction
* Revert verifyWithECDsa
* format

Signed-off-by: Roman Khimov <[email protected]>
Signed-off-by: Anna Shaleva <[email protected]>
Co-authored-by: Shargon <[email protected]>
Co-authored-by: Christopher Schuchardt <[email protected]>
Co-authored-by: nan01ab <[email protected]>
Co-authored-by: Roman Khimov <[email protected]>
Co-authored-by: Anna Shaleva <[email protected]>
Co-authored-by: Vitor Nazário Coelho <[email protected]>
Description

Fix integer overflow in JumpTable.SubStr

Fixes #3495