fix: nil deref during handshade decoding

maticnetwork · Dec 5, 2024 · d8d5bb8 · d8d5bb8
1 parent ee5318b
commit d8d5bb8
Showing 1 changed file with 19 additions and 16 deletions.
diff --git a/p2p/discover/v5wire/encoding.go b/p2p/discover/v5wire/encoding.go
@@ -538,7 +538,9 @@ func (c *Codec) decodeWhoareyou(head *Header, headerData []byte) (Packet, error)
 func (c *Codec) decodeHandshakeMessage(fromAddr string, head *Header, headerData, msgData []byte) (n *enode.Node, p Packet, err error) {
 	node, auth, session, err := c.decodeHandshake(fromAddr, head)
 	if err != nil {
-		c.sc.deleteHandshake(auth.h.SrcID, fromAddr)
+		if auth != nil {
+			c.sc.deleteHandshake(auth.h.SrcID, fromAddr)
+		}
 		return nil, nil, err
 	}
 
@@ -556,39 +558,40 @@ func (c *Codec) decodeHandshakeMessage(fromAddr string, head *Header, headerData
 	return node, msg, nil
 }
 
-func (c *Codec) decodeHandshake(fromAddr string, head *Header) (n *enode.Node, auth handshakeAuthData, s *session, err error) {
-	if auth, err = c.decodeHandshakeAuthData(head); err != nil {
-		return nil, auth, nil, err
+func (c *Codec) decodeHandshake(fromAddr string, head *Header) (n *enode.Node, auth *handshakeAuthData, s *session, err error) {
+	tempAuth := &handshakeAuthData{}
+	if *tempAuth, err = c.decodeHandshakeAuthData(head); err != nil {
+		return nil, nil, nil, err
 	}
 
 	// Verify against our last WHOAREYOU.
-	challenge := c.sc.getHandshake(auth.h.SrcID, fromAddr)
+	challenge := c.sc.getHandshake(tempAuth.h.SrcID, fromAddr)
 	if challenge == nil {
-		return nil, auth, nil, errUnexpectedHandshake
+		return nil, nil, nil, errUnexpectedHandshake
 	}
 	// Get node record.
-	n, err = c.decodeHandshakeRecord(challenge.Node, auth.h.SrcID, auth.record)
+	n, err = c.decodeHandshakeRecord(challenge.Node, tempAuth.h.SrcID, tempAuth.record)
 	if err != nil {
-		return nil, auth, nil, err
+		return nil, nil, nil, err
 	}
 	// Verify ID nonce signature.
-	sig := auth.signature
+	sig := tempAuth.signature
 	cdata := challenge.ChallengeData
 
-	err = verifyIDSignature(c.sha256, sig, n, cdata, auth.pubkey, c.localnode.ID())
+	err = verifyIDSignature(c.sha256, sig, n, cdata, tempAuth.pubkey, c.localnode.ID())
 	if err != nil {
-		return nil, auth, nil, err
+		return nil, nil, nil, err
 	}
-	// Verify ephemeral key is on curve.
-	ephkey, err := DecodePubkey(c.privkey.Curve, auth.pubkey)
+	// Verify ephemeral key is on curve
+	ephkey, err := DecodePubkey(c.privkey.Curve, tempAuth.pubkey)
 	if err != nil {
-		return nil, auth, nil, errInvalidAuthKey
+		return nil, nil, nil, errInvalidAuthKey
 	}
 	// Derive session keys.
-	session := deriveKeys(sha256.New, c.privkey, ephkey, auth.h.SrcID, c.localnode.ID(), cdata)
+	session := deriveKeys(sha256.New, c.privkey, ephkey, tempAuth.h.SrcID, c.localnode.ID(), cdata)
 	session = session.keysFlipped()
 
-	return n, auth, session, nil
+	return n, tempAuth, session, nil
 }
 
 // decodeHandshakeAuthData reads the authdata section of a handshake packet.