Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/bank/types: fix AddressFromBalancesStore panics with invalid keys #9061

Merged
merged 1 commit into from
Apr 7, 2021
Merged

x/bank/types: fix AddressFromBalancesStore panics with invalid keys #9061

merged 1 commit into from
Apr 7, 2021

Conversation

cuonglm
Copy link
Contributor

@cuonglm cuonglm commented Apr 7, 2021
edited
Loading

Description

Currently, AddressFromBalancesStore uses the input key without any
validation, so an empty key or an invalid key length cause it panics.

This commit fixes the problem, by introducing new InvalidKey type, which
will be returned to the caller when an invalid key was passed.

Found by fuzzing added in #9060.

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

  • Targeted PR against correct branch (see CONTRIBUTING.md)
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards.
  • Wrote unit and integration tests
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/)
  • Added relevant godoc comments.
  • Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
  • Re-reviewed Files changed in the Github PR explorer
  • Review Codecov Report in the comment section below once CI passes

@cuonglm
Copy link
Contributor Author

cuonglm commented Apr 7, 2021

cc @odeke-em

@codecov
Copy link

codecov bot commented Apr 7, 2021
edited
Loading

Codecov Report

Merging #9061 (117be8d) into master (a3b3a67) will decrease coverage by 0.00%.
The diff coverage is 66.66%.

❗ Current head 117be8d differs from pull request most recent head 413897b. Consider uploading reports for the commit 413897b to get more accurate results
Impacted file tree graph

@@            Coverage Diff             @@
##           master    #9061      +/-   ##
==========================================
- Coverage   58.95%   58.95%   -0.01%     
==========================================
  Files         574      574              
  Lines       32213    32220       +7     
==========================================
+ Hits        18992    18996       +4     
- Misses      11002    11004       +2     
- Partials     2219     2220       +1
Impacted Files Coverage Δ
x/bank/keeper/view.go 85.36% <25.00%> (-3.25%) ⬇️
x/bank/types/key.go 70.00% <100.00%> (+20.00%) ⬆️

odeke-em
odeke-em approved these changes Apr 7, 2021
View reviewed changes
Copy link
Collaborator

@odeke-em odeke-em left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @cuonglm! I've filed an issue for it #9062, so please update the commit message and also the message on the PR to indicate a Fixes #NNNN

/cc @marbar3778 @alessio

tac0turtle
tac0turtle approved these changes Apr 7, 2021
View reviewed changes
Copy link
Member

@tac0turtle tac0turtle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

amaury1093
amaury1093 reviewed Apr 7, 2021
View reviewed changes
x/bank/types/key.go Outdated Show resolved Hide resolved
amaury1093
amaury1093 suggested changes Apr 7, 2021
View reviewed changes
Copy link
Contributor

@amaury1093 amaury1093 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking for now. Would like to avoid manipulating sdk.AccAddress(0x00).

@odeke-em
Copy link
Collaborator

odeke-em commented Apr 7, 2021 via email

@cuonglm
Copy link
Contributor Author

cuonglm commented Apr 7, 2021

@odeke-em @AmauryM PTAL!

amaury1093
amaury1093 reviewed Apr 7, 2021
View reviewed changes
x/bank/types/key.go Outdated Show resolved Hide resolved
x/bank/keeper/view.go Outdated Show resolved Hide resolved
@cuonglm cuonglm requested a review from amaury1093 April 7, 2021 16:02
@cuonglm
x/bank/types: fix AddressFromBalancesStore panics with invalid keys
413897b 
Currently, AddressFromBalancesStore uses the input key without any
validation, so an empty key or an invalid key length cause it panics.

This commit fixes the problem, by returning an error in case of invalid
key was passed.

Found by fuzzing added in #9060.

Fixed #9062
@cuonglm cuonglm requested a review from amaury1093 April 7, 2021 16:08
amaury1093
amaury1093 approved these changes Apr 7, 2021
View reviewed changes
Copy link
Contributor

@amaury1093 amaury1093 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks!

@amaury1093 amaury1093 added the A:automerge Automatically merge PR once all prerequisites pass. label Apr 7, 2021
@mergify mergify bot merged commit 3a5550a into cosmos:master Apr 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@odeke-em odeke-em odeke-em approved these changes

@tac0turtle tac0turtle tac0turtle approved these changes

@amaury1093 amaury1093 amaury1093 approved these changes

@aaronc aaronc Awaiting requested review from aaronc

@alessio alessio Awaiting requested review from alessio

@alexanderbez alexanderbez Awaiting requested review from alexanderbez

Assignees
No one assigned
Labels
A:automerge Automatically merge PR once all prerequisites pass.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cuonglm @odeke-em @amaury1093 @tac0turtle