From ec34e0d5fe7bff61cfb6289cb68fc188a2724737 Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Thu, 23 Nov 2023 17:46:07 +0100 Subject: [PATCH] rpc: Sanity-check allocations when decoding This reverts commit 1ee4113b88fb49e9b3ad2aec8700b4d53473efe7 and updates stellar/go to https://github.com/stellar/go/pull/5116 --- .../internal/methods/get_ledger_entries.go | 9 --------- .../internal/methods/get_ledger_entry.go | 16 ++++------------ .../internal/methods/send_transaction.go | 16 ++++------------ .../internal/methods/simulate_transaction.go | 8 -------- 4 files changed, 8 insertions(+), 41 deletions(-) diff --git a/cmd/soroban-rpc/internal/methods/get_ledger_entries.go b/cmd/soroban-rpc/internal/methods/get_ledger_entries.go index 0b444ce1c..c0f32f2df 100644 --- a/cmd/soroban-rpc/internal/methods/get_ledger_entries.go +++ b/cmd/soroban-rpc/internal/methods/get_ledger_entries.go @@ -6,7 +6,6 @@ import ( "github.com/creachadair/jrpc2" "github.com/creachadair/jrpc2/handler" - "github.com/stellar/go/gxdr" "github.com/stellar/go/support/log" "github.com/stellar/go/xdr" @@ -51,14 +50,6 @@ func NewGetLedgerEntriesHandler(logger *log.Entry, ledgerEntryReader db.LedgerEn var ledgerKeys []xdr.LedgerKey for i, requestKey := range request.Keys { var ledgerKey xdr.LedgerKey - if err := gxdr.ValidateLedgerKey(requestKey, gxdr.DefaultMaxDepth); err != nil { - logger.WithError(err).WithField("request", request). - Infof("could not validate ledgerKey at index %d from getLedgerEntries request", i) - return GetLedgerEntriesResponse{}, &jrpc2.Error{ - Code: jrpc2.InvalidParams, - Message: fmt.Sprintf("cannot unmarshal key value %s at index %d", requestKey, i), - } - } if err := xdr.SafeUnmarshalBase64(requestKey, &ledgerKey); err != nil { logger.WithError(err).WithField("request", request). Infof("could not unmarshal requestKey %s at index %d from getLedgerEntries request", requestKey, i) diff --git a/cmd/soroban-rpc/internal/methods/get_ledger_entry.go b/cmd/soroban-rpc/internal/methods/get_ledger_entry.go index 614c6e634..b2aea2608 100644 --- a/cmd/soroban-rpc/internal/methods/get_ledger_entry.go +++ b/cmd/soroban-rpc/internal/methods/get_ledger_entry.go @@ -6,7 +6,6 @@ import ( "github.com/creachadair/jrpc2" "github.com/creachadair/jrpc2/handler" - "github.com/stellar/go/gxdr" "github.com/stellar/go/support/log" "github.com/stellar/go/xdr" @@ -30,26 +29,19 @@ type GetLedgerEntryResponse struct { LiveUntilLedgerSeq *uint32 `json:"LiveUntilLedgerSeq,string,omitempty"` } -var invalidLedgerKeyXdrError = &jrpc2.Error{ - Code: jrpc2.InvalidParams, - Message: "cannot unmarshal key value", -} - // NewGetLedgerEntryHandler returns a json rpc handler to retrieve the specified ledger entry from stellar core // Deprecated. use NewGetLedgerEntriesHandler instead. // TODO(https://github.com/stellar/soroban-tools/issues/374) remove after getLedgerEntries is deployed. func NewGetLedgerEntryHandler(logger *log.Entry, ledgerEntryReader db.LedgerEntryReader) jrpc2.Handler { return handler.New(func(ctx context.Context, request GetLedgerEntryRequest) (GetLedgerEntryResponse, error) { - if err := gxdr.ValidateLedgerKey(request.Key, gxdr.DefaultMaxDepth); err != nil { - logger.WithError(err).WithField("request", request). - Info("could not validate ledgerKey from getLedgerEntry request") - return GetLedgerEntryResponse{}, invalidLedgerKeyXdrError - } var key xdr.LedgerKey if err := xdr.SafeUnmarshalBase64(request.Key, &key); err != nil { logger.WithError(err).WithField("request", request). Info("could not unmarshal ledgerKey from getLedgerEntry request") - return GetLedgerEntryResponse{}, invalidLedgerKeyXdrError + return GetLedgerEntryResponse{}, &jrpc2.Error{ + Code: jrpc2.InvalidParams, + Message: "cannot unmarshal key value", + } } if key.Type == xdr.LedgerEntryTypeTtl { diff --git a/cmd/soroban-rpc/internal/methods/send_transaction.go b/cmd/soroban-rpc/internal/methods/send_transaction.go index 3651d7e68..1ec8dd53c 100644 --- a/cmd/soroban-rpc/internal/methods/send_transaction.go +++ b/cmd/soroban-rpc/internal/methods/send_transaction.go @@ -6,7 +6,6 @@ import ( "github.com/creachadair/jrpc2" "github.com/creachadair/jrpc2/handler" - "github.com/stellar/go/gxdr" "github.com/stellar/go/network" proto "github.com/stellar/go/protocols/stellarcore" "github.com/stellar/go/support/log" @@ -49,24 +48,17 @@ type LatestLedgerStore interface { GetLatestLedger() transactions.LedgerInfo } -var invalidTransactionXdrError = &jrpc2.Error{ - Code: jrpc2.InvalidParams, - Message: "invalid_xdr", -} - // NewSendTransactionHandler returns a submit transaction json rpc handler func NewSendTransactionHandler(daemon interfaces.Daemon, logger *log.Entry, store LatestLedgerStore, passphrase string) jrpc2.Handler { submitter := daemon.CoreClient() return handler.New(func(ctx context.Context, request SendTransactionRequest) (SendTransactionResponse, error) { - if err := gxdr.ValidateTransactionEnvelope(request.Transaction, gxdr.DefaultMaxDepth); err != nil { - logger.WithError(err).WithField("request", request). - Info("could not validate send transaction envelope") - return SendTransactionResponse{}, invalidTransactionXdrError - } var envelope xdr.TransactionEnvelope err := xdr.SafeUnmarshalBase64(request.Transaction, &envelope) if err != nil { - return SendTransactionResponse{}, invalidTransactionXdrError + return SendTransactionResponse{}, &jrpc2.Error{ + Code: jrpc2.InvalidParams, + Message: "invalid_xdr", + } } var hash [32]byte diff --git a/cmd/soroban-rpc/internal/methods/simulate_transaction.go b/cmd/soroban-rpc/internal/methods/simulate_transaction.go index cd6a8bae1..786633611 100644 --- a/cmd/soroban-rpc/internal/methods/simulate_transaction.go +++ b/cmd/soroban-rpc/internal/methods/simulate_transaction.go @@ -7,7 +7,6 @@ import ( "github.com/creachadair/jrpc2" "github.com/creachadair/jrpc2/handler" - "github.com/stellar/go/gxdr" "github.com/stellar/go/support/log" "github.com/stellar/go/xdr" @@ -54,13 +53,6 @@ type PreflightGetter interface { func NewSimulateTransactionHandler(logger *log.Entry, ledgerEntryReader db.LedgerEntryReader, ledgerReader db.LedgerReader, getter PreflightGetter) jrpc2.Handler { return handler.New(func(ctx context.Context, request SimulateTransactionRequest) SimulateTransactionResponse { - if err := gxdr.ValidateTransactionEnvelope(request.Transaction, gxdr.DefaultMaxDepth); err != nil { - logger.WithError(err).WithField("request", request). - Info("could not validate simulate transaction envelope") - return SimulateTransactionResponse{ - Error: "Could not unmarshal transaction", - } - } var txEnvelope xdr.TransactionEnvelope if err := xdr.SafeUnmarshalBase64(request.Transaction, &txEnvelope); err != nil { logger.WithError(err).WithField("request", request).