From 0bf6dfb9401dbf9781ba100f016ea6e8772cae16 Mon Sep 17 00:00:00 2001 From: Emmanuel T Odeke Date: Wed, 6 Mar 2024 13:22:25 +0300 Subject: [PATCH] fix(pkg/proof): reject negative indices in QueryTxInclusionProof (#3141) This change ensures that any negative indices are outright rejected to avoid any future overflows due to the wrapping around of uint64(v) and control from and outside caller. Fixes #3140. (cherry picked from commit adb7a570026bdfc57174b1f6aa150a7676968ef2) # Conflicts: # pkg/proof/proof_test.go --- pkg/proof/proof_test.go | 56 +++++++++++++++++++++++++++++++++++++++++ pkg/proof/querier.go | 3 +++ 2 files changed, 59 insertions(+) diff --git a/pkg/proof/proof_test.go b/pkg/proof/proof_test.go index 5b67039836..950230e9fe 100644 --- a/pkg/proof/proof_test.go +++ b/pkg/proof/proof_test.go @@ -2,8 +2,11 @@ package proof_test import ( "bytes" + "strings" "testing" + sdk "github.com/cosmos/cosmos-sdk/types" + abci "github.com/tendermint/tendermint/abci/types" tmrand "github.com/tendermint/tendermint/libs/rand" "github.com/celestiaorg/celestia-app/app" @@ -221,3 +224,56 @@ func TestNewShareInclusionProof(t *testing.T) { }) } } +<<<<<<< HEAD +======= + +// TestAllSharesInclusionProof creates a proof for all shares in the data +// square. Since we can't prove multiple namespaces at the moment, all the +// shares use the same namespace. +func TestAllSharesInclusionProof(t *testing.T) { + txs := testfactory.GenerateRandomTxs(243, 500) + + dataSquare, err := square.Construct(txs.ToSliceOfBytes(), appconsts.SquareSizeUpperBound(appconsts.LatestVersion), appconsts.SubtreeRootThreshold(appconsts.LatestVersion)) + require.NoError(t, err) + assert.Equal(t, 256, len(dataSquare)) + + // erasure the data square which we use to create the data root. + eds, err := da.ExtendShares(shares.ToBytes(dataSquare)) + require.NoError(t, err) + + // create the new data root by creating the data availability header (merkle + // roots of each row and col of the erasure data). + dah, err := da.NewDataAvailabilityHeader(eds) + require.NoError(t, err) + dataRoot := dah.Hash() + + actualNamespace, err := proof.ParseNamespace(dataSquare, 0, 256) + require.NoError(t, err) + require.Equal(t, appns.TxNamespace, actualNamespace) + proof, err := proof.NewShareInclusionProof( + dataSquare, + appns.TxNamespace, + shares.NewRange(0, 256), + ) + require.NoError(t, err) + assert.NoError(t, proof.Validate(dataRoot)) +} + +// Ensure that we reject negative index values and avoid overflows. +// https://github.com/celestiaorg/celestia-app/issues/3140 +func TestQueryTxInclusionProofRejectsNegativeValues(t *testing.T) { + path := []string{"-2"} + req := abci.RequestQuery{Data: []byte{}} + ctx := sdk.Context{} + rawProof, err := proof.QueryTxInclusionProof(ctx, path, req) + if err == nil { + t.Fatal("expected a non-nil error") + } + if !strings.Contains(err.Error(), "negative") { + t.Fatalf("The error should reject negative values and report such, but did not\n\tGot: %v", err) + } + if len(rawProof) != 0 { + t.Fatal("no rawProof expected") + } +} +>>>>>>> adb7a570 (fix(pkg/proof): reject negative indices in QueryTxInclusionProof (#3141)) diff --git a/pkg/proof/querier.go b/pkg/proof/querier.go index 92798ed6bc..7bca88f114 100644 --- a/pkg/proof/querier.go +++ b/pkg/proof/querier.go @@ -34,6 +34,9 @@ func QueryTxInclusionProof(_ sdk.Context, path []string, req abci.RequestQuery) if err != nil { return nil, err } + if index < 0 { + return nil, fmt.Errorf("path[0] element: %q produced a negative value: %d", path[0], index) + } // unmarshal the block data that is passed from the ABCI client pbb := new(tmproto.Block)