diff options
| author | Martin Holst Swende <martin@swende.se> | 2018-01-13 23:03:24 +0800 |
|---|---|---|
| committer | Martin Holst Swende <martin@swende.se> | 2018-02-21 19:27:50 +0800 |
| commit | bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6 (patch) | |
| tree | f49c560581a1583748b9667ff05afe6038bf67d4 /accounts/abi/unpack_test.go | |
| parent | 08c5d4dd271c58385df94842f1b5700ca6ef181c (diff) | |
| download | go-tangerine-bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6.tar go-tangerine-bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6.tar.gz go-tangerine-bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6.tar.bz2 go-tangerine-bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6.tar.lz go-tangerine-bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6.tar.xz go-tangerine-bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6.tar.zst go-tangerine-bd6ed23899c8a3b4b6d0db29f0f6298e492cedd6.zip | |
accounts/abi: harden unpacking against malicious input
Diffstat (limited to 'accounts/abi/unpack_test.go')
| -rw-r--r-- | accounts/abi/unpack_test.go | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/accounts/abi/unpack_test.go b/accounts/abi/unpack_test.go index e9f910812..742211244 100644 --- a/accounts/abi/unpack_test.go +++ b/accounts/abi/unpack_test.go @@ -683,3 +683,73 @@ func TestUnmarshal(t *testing.T) { t.Fatal("expected error:", err) } } + +func TestOOMMaliciousInput(t *testing.T) { + oomTests := []unpackTest{ + { + def: `[{"type": "uint8[]"}]`, + enc: "0000000000000000000000000000000000000000000000000000000000000020" + // offset + "0000000000000000000000000000000000000000000000000000000000000003" + // num elems + "0000000000000000000000000000000000000000000000000000000000000001" + // elem 1 + "0000000000000000000000000000000000000000000000000000000000000002", // elem 2 + }, + { // Length larger than 64 bits + def: `[{"type": "uint8[]"}]`, + enc: "0000000000000000000000000000000000000000000000000000000000000020" + // offset + "00ffffffffffffffffffffffffffffffffffffffffffffff0000000000000002" + // num elems + "0000000000000000000000000000000000000000000000000000000000000001" + // elem 1 + "0000000000000000000000000000000000000000000000000000000000000002", // elem 2 + }, + { // Offset very large (over 64 bits) + def: `[{"type": "uint8[]"}]`, + enc: "00ffffffffffffffffffffffffffffffffffffffffffffff0000000000000020" + // offset + "0000000000000000000000000000000000000000000000000000000000000002" + // num elems + "0000000000000000000000000000000000000000000000000000000000000001" + // elem 1 + "0000000000000000000000000000000000000000000000000000000000000002", // elem 2 + }, + { // Offset very large (below 64 bits) + def: `[{"type": "uint8[]"}]`, + enc: "0000000000000000000000000000000000000000000000007ffffffffff00020" + // offset + "0000000000000000000000000000000000000000000000000000000000000002" + // num elems + "0000000000000000000000000000000000000000000000000000000000000001" + // elem 1 + "0000000000000000000000000000000000000000000000000000000000000002", // elem 2 + }, + { // Offset negative (as 64 bit) + def: `[{"type": "uint8[]"}]`, + enc: "000000000000000000000000000000000000000000000000f000000000000020" + // offset + "0000000000000000000000000000000000000000000000000000000000000002" + // num elems + "0000000000000000000000000000000000000000000000000000000000000001" + // elem 1 + "0000000000000000000000000000000000000000000000000000000000000002", // elem 2 + }, + + { // Negative length + def: `[{"type": "uint8[]"}]`, + enc: "0000000000000000000000000000000000000000000000000000000000000020" + // offset + "000000000000000000000000000000000000000000000000f000000000000002" + // num elems + "0000000000000000000000000000000000000000000000000000000000000001" + // elem 1 + "0000000000000000000000000000000000000000000000000000000000000002", // elem 2 + }, + { // Very large length + def: `[{"type": "uint8[]"}]`, + enc: "0000000000000000000000000000000000000000000000000000000000000020" + // offset + "0000000000000000000000000000000000000000000000007fffffffff000002" + // num elems + "0000000000000000000000000000000000000000000000000000000000000001" + // elem 1 + "0000000000000000000000000000000000000000000000000000000000000002", // elem 2 + }, + } + for i, test := range oomTests { + def := fmt.Sprintf(`[{ "name" : "method", "outputs": %s}]`, test.def) + abi, err := JSON(strings.NewReader(def)) + if err != nil { + t.Fatalf("invalid ABI definition %s: %v", def, err) + } + encb, err := hex.DecodeString(test.enc) + if err != nil { + t.Fatalf("invalid hex: %s" + test.enc) + } + _, err = abi.Methods["method"].Outputs.UnpackValues(encb) + if err == nil { + t.Fatalf("Expected error on malicious input, test %d", i) + } + } +} |