deserialization: update codecs to be more defensive on malicious input

Cargo.toml

@@ -73,7 +73,7 @@ opt-level = 1
 typed-store = "0.1.0"
 typed-store-derive = "0.1.0"
 telemetry-subscribers = { version = "0.2.0", features = ["jaeger", "tokio-console"] }
-mysten-network = "0.2.0"
+mysten-network = { git = "https://github.com/MystenLabs/mysten-infra.git", rev = "62dd8c9c4aa0f5ed2c243546d159d9cf2816f3d9" }
 name-variant = "0.1.0"
 store = { version = "0.1.0", package = "typed-store" }
 
@@ -100,9 +100,9 @@ move-prover-boogie-backend = { git = "https://github.com/move-language/move", re
 fastcrypto = { git = "https://github.com/MystenLabs/fastcrypto", rev = "ab44e914084bd2fa65e7caf64ab32d61910a5d30" }
 
 # anemo dependencies
-anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "7da7c9a1913ed7fadbdd92ebc1b9f48e0c8cef0e" }
-anemo-build = { git = "https://github.com/mystenlabs/anemo.git", rev = "7da7c9a1913ed7fadbdd92ebc1b9f48e0c8cef0e" }
-anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "7da7c9a1913ed7fadbdd92ebc1b9f48e0c8cef0e" }
+anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f" }
+anemo-build = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f" }
+anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f" }
 
 # Use the same workspace-hack across crates.
 workspace-hack = { path = "crates/workspace-hack" }

crates/sui-benchmark/Cargo.toml

@@ -25,7 +25,7 @@ tracing-subscriber = { version = "0.3.15", features = ["time", "registry", "env-
 telemetry-subscribers.workspace = true
 clap = { version = "3.1.17", features = ["derive"] }
 prometheus = "0.13.2"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 rand = "0.8.5"
 base64 = "0.13.0"
 rand_distr = "0.4.3"

crates/sui-config/Cargo.toml

@@ -17,7 +17,7 @@ serde_with = "1.14.0"
 serde_yaml = "0.8.26"
 rand = "0.8.5"
 dirs = "4.0.0"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 once_cell = "1.14.0"
 tracing = "0.1.36"
 

crates/sui-core/Cargo.toml

@@ -25,7 +25,7 @@ itertools = "0.10.4"
 tracing = "0.1.36"
 signature = "1.6.0"
 bincode = "1.3.3"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 prometheus = "0.13.2"
 arc-swap = "1.5.1"
 tokio-retry = "0.3"

crates/sui-node/Cargo.toml

@@ -12,7 +12,7 @@ anemo-tower.workspace = true
 axum = "0.5.16"
 anyhow = { version = "1.0.64", features = ["backtrace"] }
 clap = { version = "3.2.17", features = ["derive"] }
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 prometheus = "0.13.2"
 tokio = { version = "1.20.1", features = ["full"] }
 tracing = "0.1.36"

crates/sui-simulator/Cargo.toml

@@ -16,4 +16,4 @@ anemo.workspace = true
 fastcrypto = { workspace = true, features = ["copy_key"] }
 
 [target.'cfg(msim)'.dependencies]
-msim = { git = "https://github.com/MystenLabs/mysten-sim.git", rev = "982cf1a544ebd1e2818330f9b1247a4c3dd26c13", package = "msim" }
+msim = { git = "https://github.com/MystenLabs/mysten-sim.git", rev = "b28d77f88434535b166cc60bd3e5018aa75cd705", package = "msim" }

crates/sui/Cargo.toml

@@ -53,7 +53,7 @@ move-cli.workspace = true
 move-package.workspace = true
 
 workspace-hack.workspace = true
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 hex = "0.4.3"
 
 [target.'cfg(not(target_env = "msvc"))'.dependencies]

crates/test-utils/Cargo.toml

@@ -32,7 +32,7 @@ sui-types = { path = "../sui-types" }
 sui-keys = { path = "../sui-keys" }
 sui-sdk = { path = "../sui-sdk" }
 once_cell = "1.14.0"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 
 mysten-network.workspace = true
 move-package.workspace = true

crates/workspace-hack/Cargo.toml

@@ -545,7 +545,7 @@ tiny-bip39 = { version = "1", features = ["chinese-simplified", "chinese-traditi
 tinytemplate = { version = "1", default-features = false }
 tinyvec = { version = "1", features = ["alloc", "tinyvec_macros"] }
 tinyvec_macros = { version = "0.1", default-features = false }
-tokio = { version = "1", features = ["bytes", "fs", "full", "io-std", "io-util", "libc", "macros", "memchr", "mio", "net", "num_cpus", "once_cell", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "signal-hook-registry", "socket2", "sync", "test-util", "time", "tokio-macros", "tracing"] }
+tokio = { version = "1", features = ["bytes", "fs", "full", "io-std", "io-util", "libc", "macros", "memchr", "mio", "net", "num_cpus", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "signal-hook-registry", "socket2", "sync", "test-util", "time", "tokio-macros", "tracing"] }
 tokio-io-timeout = { version = "1", default-features = false }
 tokio-retry = { version = "0.3", default-features = false }
 tokio-rustls = { version = "0.23", features = ["logging", "tls12"] }
@@ -1252,7 +1252,7 @@ tiny-bip39 = { version = "1", features = ["chinese-simplified", "chinese-traditi
 tinytemplate = { version = "1", default-features = false }
 tinyvec = { version = "1", features = ["alloc", "tinyvec_macros"] }
 tinyvec_macros = { version = "0.1", default-features = false }
-tokio = { version = "1", features = ["bytes", "fs", "full", "io-std", "io-util", "libc", "macros", "memchr", "mio", "net", "num_cpus", "once_cell", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "signal-hook-registry", "socket2", "sync", "test-util", "time", "tokio-macros", "tracing"] }
+tokio = { version = "1", features = ["bytes", "fs", "full", "io-std", "io-util", "libc", "macros", "memchr", "mio", "net", "num_cpus", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "signal-hook-registry", "socket2", "sync", "test-util", "time", "tokio-macros", "tracing"] }
 tokio-io-timeout = { version = "1", default-features = false }
 tokio-macros = { version = "1", default-features = false }
 tokio-retry = { version = "0.3", default-features = false }

narwhal/config/Cargo.toml

@@ -8,7 +8,7 @@ publish = false
 
 [dependencies]
 match_opt = "0.1.2"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 serde = { version = "1.0.144", features = ["derive"] }
 serde_with = "2.0.1"
 serde_json = "1.0.85"

narwhal/executor/Cargo.toml

@@ -14,7 +14,7 @@ config = { path = "../config", package = "narwhal-config" }
 consensus = { path = "../consensus", package = "narwhal-consensus" }
 fastcrypto.workspace = true
 futures = "0.3.24"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 primary = { path = "../primary", package = "narwhal-primary" }
 serde = { version = "1.0.144", features = ["derive"] }
 thiserror = "1.0.35"

narwhal/network/Cargo.toml

@@ -12,7 +12,7 @@ backoff = { version = "0.4.0", features = ["tokio"] }
 bytes = "1.2.1"
 fastcrypto.workspace = true
 futures = "0.3.24"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 prometheus = "0.13.2"
 rand = { version = "0.8.5", features = ["small_rng"] }
 thiserror = "1.0.35"

narwhal/node/Cargo.toml

@@ -15,7 +15,7 @@ cfg-if = "1.0.0"
 clap = "2.34"
 dhat = { version = "0.3.0", optional = true }
 futures = "0.3.24"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 mysten-network.workspace = true
 rand = "0.8.5"
 store = { version = "0.1.0", package = "typed-store"}

narwhal/primary/Cargo.toml

@@ -19,7 +19,7 @@ derive_builder = "0.11.2"
 dhat = { version = "0.3.0", optional = true }
 futures = "0.3.24"
 itertools = "0.10.5"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 once_cell = "1.14.0"
 prometheus = "0.13.2"
 prost = "0.10.4"

narwhal/test-utils/Cargo.toml

@@ -16,7 +16,7 @@ fdlimit = "0.2"
 futures = "0.3.24"
 indexmap = { version = "1.9.1", features = ["serde"] }
 itertools = "0.10.5"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 prometheus = "0.13.2"
 rand = "0.8.5"
 serde = { version = "1.0.144", features = ["derive"] }

narwhal/worker/Cargo.toml

@@ -12,7 +12,7 @@ bincode = "1.3.3"
 byteorder = "1.4.3"
 bytes = "1.2.1"
 futures = "0.3.24"
-multiaddr = "0.14.0"
+multiaddr = "0.15.0"
 rand = { version = "0.8.5", features = ["small_rng"] }
 serde = { version = "1.0.144", features = ["derive"] }
 tap = "1.0.1"

scripts/simtest/cargo-simtest

@@ -58,7 +58,7 @@ if [ -n "$LOCAL_MSIM_PATH" ]; then
 else
   cargo_patch_args+=(
     --config 'patch.crates-io.tokio.git = "https://github.com/MystenLabs/mysten-sim.git"'
-    --config 'patch.crates-io.tokio.rev = "982cf1a544ebd1e2818330f9b1247a4c3dd26c13"'
+    --config 'patch.crates-io.tokio.rev = "b28d77f88434535b166cc60bd3e5018aa75cd705"'
   )
 fi