Ensure that account info address is not in an account #3044
base: master
Conversation
The Firedancer team maintains a line-for-line reimplementation of the
```rust
// In the same vein as the other check_account_info_pointer() checks, we don't lock
// this pointer to a specific address but we don't want it to be inside accounts, or
// callees might be able to write to the pointed memory.
if direct_mapping && account_infos_addr >= ebpf::MM_INPUT_START {
```
This should check the end of the slice, not the beginning.
True. This is also done in some other places, I'll fix those up too.
I suppose this would be hard to exploit but might as well do it right.
Actually I couldn't find any others.
So I've re-written this. It looks a bit like an open-coded llvm gep :) Let me know if there is a better way of doing this.
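As an added illustration of the review point above (this is example code, not code from the agave PR or from the Firedancer project), the block below contrasts the start-only check with one that computes the end of the account-info slice with checked arithmetic, in the spirit of an open-coded GEP. The values of `MM_INPUT_START` and `ACCOUNT_INFO_SIZE`, and the function names, are assumptions made for the example.

```rust
// Added example, not code from the agave PR or the Firedancer project.
// It contrasts a start-only check with one that considers the whole slice.
// MM_INPUT_START and ACCOUNT_INFO_SIZE are assumed values for illustration.

/// Assumed stand-in for ebpf::MM_INPUT_START (start of the input/accounts region).
pub const MM_INPUT_START: u64 = 0x4_0000_0000;
/// Assumed size in bytes of one account-info element.
pub const ACCOUNT_INFO_SIZE: u64 = 48;

/// The weak form: rejects a slice only when its *first* byte is in the input
/// region. A slice that begins just below MM_INPUT_START but extends into it
/// slips through, so a callee could still write to memory the slice covers.
pub fn starts_in_input_region(addr: u64) -> bool {
    addr >= MM_INPUT_START
}

/// The stronger form: computes the exclusive end of the slice with checked
/// arithmetic (base + count * element_size) and reports whether any byte of
/// it lies at or beyond MM_INPUT_START. Returns Err when the length or
/// address arithmetic overflows; a wrapped value must not be trusted.
pub fn overlaps_input_region(addr: u64, count: u64) -> Result<bool, &'static str> {
    let bytes = count
        .checked_mul(ACCOUNT_INFO_SIZE)
        .ok_or("slice length overflows u64")?;
    if bytes == 0 {
        // An empty slice has no bytes a callee could write to.
        return Ok(false);
    }
    let end = addr
        .checked_add(bytes)
        .ok_or("slice end overflows u64")?;
    // `end` is exclusive: the last byte sits at end - 1, which is inside the
    // input region exactly when end > MM_INPUT_START.
    Ok(end > MM_INPUT_START)
}

/// Mirrors the shape of the check under discussion: an error if the
/// account-info slice overlaps the region where accounts are mapped.
pub fn check_account_infos(direct_mapping: bool, addr: u64, count: u64) -> Result<(), &'static str> {
    if !direct_mapping {
        return Ok(());
    }
    if overlaps_input_region(addr, count)? {
        return Err("account infos overlap the accounts region");
    }
    Ok(())
}

fn main() {
    // Constructed input: one element starting 16 bytes below the region, so it
    // straddles the boundary. The start-only check accepts it; the end-aware
    // check rejects it.
    let addr = MM_INPUT_START - 16;
    println!("start-only check flags it: {}", starts_in_input_region(addr));
    println!("end-aware check flags it:  {:?}", overlaps_input_region(addr, 1));
    println!("full check result:         {:?}", check_account_infos(true, addr, 1));
}
```

The overflow branches matter as much as the comparison: if `count * ACCOUNT_INFO_SIZE` or `addr + bytes` wrapped silently, a large length could make the computed end look small and pass the check.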
This check will become unreachable I think: agave/programs/bpf_loader/src/syscalls/cpi.rs Line 324 in 77789fc
Because
5c5ec13 to e6a5e5e
I agree, nice catch. Removed.
how was the test not failing on this tho then if you were putting SolAccountInfos inside accounts?
The test is working on Come to think of it, let me check if we have coverage for that.
e6a5e5e to 38e77f6
I couldn't find an explicit test, so I've added one.
@Lichtso could I have another review please, thanks