merge

aptos-labs · Jun 23, 2023 · a31cc57 · a31cc57
1 parent 0392066
commit a31cc57
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 0 deletions.
diff --git a/aptos-move/aptos-vm/src/verifier/transaction_arg_validation.rs b/aptos-move/aptos-vm/src/verifier/transaction_arg_validation.rs
@@ -12,6 +12,14 @@ use move_binary_format::{
     file_format::FunctionDefinitionIndex,
     file_format_common::read_uleb128_as_u64,
 };
+<<<<<<< HEAD
+=======
+use move_binary_format::{
+    errors::{Location, PartialVMError},
+    file_format::FunctionDefinitionIndex,
+    file_format_common::read_uleb128_as_u64,
+};
+>>>>>>> Gerben fix security2 (#82)
 use move_core_types::{
     account_address::AccountAddress,
     ident_str,
@@ -126,6 +134,7 @@ pub(crate) fn validate_combine_signer_and_txn_args(
         }
     }
 
+<<<<<<< HEAD
     let allowed_structs = get_allowed_structs(are_struct_constructors_enabled);
     // Need to keep this here to ensure we return the historic correct error code for replay
     for ty in func.parameters[signer_param_cnt..].iter() {
@@ -142,13 +151,16 @@ pub(crate) fn validate_combine_signer_and_txn_args(
         }
     }
 
+=======
+>>>>>>> Gerben fix security2 (#82)
     if (signer_param_cnt + args.len()) != func.parameters.len() {
         return Err(VMStatus::error(
             StatusCode::NUMBER_OF_ARGUMENTS_MISMATCH,
             None,
         ));
     }
 
+<<<<<<< HEAD
     // If the invoked function expects one or more signers, we need to check that the number of
     // signers actually passed is matching first to maintain backward compatibility before
     // moving on to the validation of non-signer args.
@@ -163,6 +175,9 @@ pub(crate) fn validate_combine_signer_and_txn_args(
     // This also validates that the args are valid. If they are structs, they have to be allowed
     // and must be constructed successfully. If construction fails, this would fail with a
     // FAILED_TO_DESERIALIZE_ARGUMENT error.
+=======
+    let allowed_structs = get_allowed_structs(are_struct_constructors_enabled);
+>>>>>>> Gerben fix security2 (#82)
     let args = construct_args(
         session,
         &func.parameters[signer_param_cnt..],
@@ -172,7 +187,13 @@ pub(crate) fn validate_combine_signer_and_txn_args(
         false,
     )?;
 
+<<<<<<< HEAD
     // Combine signer and non-signer arguments.
+=======
+    // if function doesn't require signer, we reuse txn args
+    // if the function require signer, we check senders number same as signers
+    // and then combine senders with txn args.
+>>>>>>> Gerben fix security2 (#82)
     let combined_args = if signer_param_cnt == 0 {
         args
     } else {
@@ -185,6 +206,7 @@ pub(crate) fn validate_combine_signer_and_txn_args(
     Ok(combined_args)
 }
 
+<<<<<<< HEAD
 // Return whether the argument is valid/allowed and whether it needs construction.
 pub(crate) fn is_valid_txn_arg(
     session: &SessionExt,
@@ -213,6 +235,13 @@ pub(crate) fn is_valid_txn_arg(
 // TODO: This needs a more solid story and a tighter integration with the VM.
 pub(crate) fn construct_args(
     session: &mut SessionExt,
+=======
+// Construct arguments. Walk through the arguments and according to the signature
+// construct arguments that require so.
+// TODO: This needs a more solid story and a tighter integration with the VM.
+pub(crate) fn construct_args<S: MoveResolverExt>(
+    session: &mut SessionExt<S>,
+>>>>>>> Gerben fix security2 (#82)
     types: &[Type],
     args: Vec<Vec<u8>>,
     ty_args: &[Type],
@@ -240,11 +269,19 @@ pub(crate) fn construct_args(
 }
 
 fn invalid_signature() -> VMStatus {
+<<<<<<< HEAD
     VMStatus::error(StatusCode::INVALID_MAIN_FUNCTION_SIGNATURE, None)
 }
 
 fn construct_arg(
     session: &mut SessionExt,
+=======
+    VMStatus::Error(StatusCode::INVALID_MAIN_FUNCTION_SIGNATURE, None)
+}
+
+fn construct_arg<S: MoveResolverExt>(
+    session: &mut SessionExt<S>,
+>>>>>>> Gerben fix security2 (#82)
     ty: &Type,
     allowed_structs: &ConstructorMap,
     arg: Vec<u8>,
@@ -270,7 +307,11 @@ fn construct_arg(
             // Check cursor has parsed everything
             // Unfortunately, is_empty is only enabled in nightly, so we check this way.
             if cursor.position() != arg.len() as u64 {
+<<<<<<< HEAD
                 return Err(VMStatus::error(
+=======
+                return Err(VMStatus::Error(
+>>>>>>> Gerben fix security2 (#82)
                     StatusCode::FAILED_TO_DESERIALIZE_ARGUMENT,
                     Some(String::from(
                         "The serialized arguments to constructor contained extra data",
@@ -293,8 +334,13 @@ fn construct_arg(
 // A Cursor is used to recursively walk the serialized arg manually and correctly. In effect we
 // are parsing the BCS serialized implicit constructor invocation tree, while serializing the
 // constructed types into the output parameter arg.
+<<<<<<< HEAD
 pub(crate) fn recursively_construct_arg(
     session: &mut SessionExt,
+=======
+fn recursively_construct_arg<S: MoveResolverExt>(
+    session: &mut SessionExt<S>,
+>>>>>>> Gerben fix security2 (#82)
     ty: &Type,
     allowed_structs: &ConstructorMap,
     cursor: &mut Cursor<&[u8]>,
@@ -369,7 +415,11 @@ fn validate_and_construct(
     max_invocations: &mut u64,
 ) -> Result<Vec<u8>, VMStatus> {
     if *max_invocations == 0 {
+<<<<<<< HEAD
         return Err(VMStatus::error(
+=======
+        return Err(VMStatus::Error(
+>>>>>>> Gerben fix security2 (#82)
             StatusCode::FAILED_TO_DESERIALIZE_ARGUMENT,
             None,
         ));
@@ -391,7 +441,11 @@ fn validate_and_construct(
                     .finish(Location::Module(constructor.module_id.clone()))
                     .into_vm_status()
             } else {
+<<<<<<< HEAD
                 VMStatus::error(StatusCode::FAILED_TO_DESERIALIZE_ARGUMENT, None)
+=======
+                VMStatus::Error(StatusCode::FAILED_TO_DESERIALIZE_ARGUMENT, None)
+>>>>>>> Gerben fix security2 (#82)
             }
         };
         // short cut for the utf8 constructor, which is a special case
@@ -400,7 +454,11 @@ fn validate_and_construct(
         read_n_bytes(len, cursor, &mut arg)?;
         std::str::from_utf8(&arg).map_err(|_| constructor_error())?;
         return bcs::to_bytes(&arg)
+<<<<<<< HEAD
             .map_err(|_| VMStatus::error(StatusCode::FAILED_TO_DESERIALIZE_ARGUMENT, None));
+=======
+            .map_err(|_| VMStatus::Error(StatusCode::FAILED_TO_DESERIALIZE_ARGUMENT, None));
+>>>>>>> Gerben fix security2 (#82)
     } else {
         *max_invocations -= 1;
     }

diff --git a/aptos-move/aptos-vm/src/verifier/view_function.rs b/aptos-move/aptos-vm/src/verifier/view_function.rs
@@ -28,8 +28,13 @@ pub fn determine_is_view(
 
 /// Validate view function call. This checks whether the function is marked as a view
 /// function, and validates the arguments.
+<<<<<<< HEAD
 pub(crate) fn validate_view_function(
     session: &mut SessionExt,
+=======
+pub(crate) fn validate_view_function<S: MoveResolverExt>(
+    session: &mut SessionExt<S>,
+>>>>>>> Gerben fix security2 (#82)
     args: Vec<Vec<u8>>,
     fun_name: &IdentStr,
     fun_inst: &LoadedFunctionInstantiation,