Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Crash/Fuzzing] "TypeError: public key must be a Buffer" when parsing ENR string #59

Closed
pventuzelo opened this issue May 28, 2020 · 1 comment · Fixed by #61
Closed
Assignees

Comments

@pventuzelo
Copy link

@pventuzelo pventuzelo commented May 28, 2020

Describe the bug

During fuzzing with beaconfuzz, I found this TypeError crash. I suppose that bcrypto library throw this because the enr library provide invalid data.

Expected behavior

Enr should detect and throw an Error.

Steps to Reproduce

crash_TypeError_tostring_undef_enr_lodestar.js:

var discv5 = require("@chainsafe/discv5");

buf = "enr:-IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk".toString()

discv5.ENR.decodeTxt(buf);

Run:

$ npm i @chainsafe/discv5

$ node crash_TypeError_pub_key_buffer_enr_lodestar.js
/home/scop/node_modules/bcrypto/lib/native/secp256k1.js:544
      throw e;
      ^

TypeError: public key must be a Buffer
    at Object.verify (/home/scop/node_modules/bcrypto/lib/native/secp256k1.js:541:20)
    at Object.verify (/home/scop/node_modules/@chainsafe/discv5/lib/enr/v4.js:23:22)
    at Map.verify (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:189:27)
    at Function.decodeFromValues (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:55:18)
    at Function.decode (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:62:20)
    at Function.decodeTxt (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:68:20)
    at Object.<anonymous> (/XXX/crash_TypeError_pub_key_buffer_enr_lodestar.js:13:12)
    at Module._compile (internal/modules/cjs/loader.js:936:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:947:10)
    at Module.load (internal/modules/cjs/loader.js:790:32)

Desktop (please complete the following information):

Additional info:

$ zcli net enr IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk 
input: IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk
invalid ENR RLP encoding
rlp: expected List
@tuyennhv
Copy link
Contributor

@tuyennhv tuyennhv commented Jun 24, 2020

after the fix, it should throw Error "Failed to verify enr: No public key"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants