
[Crash/Fuzzing] "TypeError: public key must be a Buffer" when parsing ENR string #59

Closed
pventuzelo opened this issue May 28, 2020 · 1 comment · Fixed by #61
@pventuzelo

Describe the bug

During fuzzing with beaconfuzz, I found this TypeError crash. I suppose that the bcrypto library throws this because the enr library provides invalid data.

Expected behavior

Enr should detect and throw an Error.

Steps to Reproduce

crash_TypeError_tostring_undef_enr_lodestar.js:

// Reproducer: decode a fuzzer-mutated ENR text record.
const discv5 = require("@chainsafe/discv5");

const buf = "enr:-IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk";

// Expected: an Error from the ENR layer; observed: a TypeError from bcrypto's secp256k1 verify.
discv5.ENR.decodeTxt(buf);

Run:

$ npm i @chainsafe/discv5

$ node crash_TypeError_pub_key_buffer_enr_lodestar.js
/home/scop/node_modules/bcrypto/lib/native/secp256k1.js:544
      throw e;
      ^

TypeError: public key must be a Buffer
    at Object.verify (/home/scop/node_modules/bcrypto/lib/native/secp256k1.js:541:20)
    at Object.verify (/home/scop/node_modules/@chainsafe/discv5/lib/enr/v4.js:23:22)
    at Map.verify (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:189:27)
    at Function.decodeFromValues (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:55:18)
    at Function.decode (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:62:20)
    at Function.decodeTxt (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:68:20)
    at Object.<anonymous> (/XXX/crash_TypeError_pub_key_buffer_enr_lodestar.js:13:12)
    at Module._compile (internal/modules/cjs/loader.js:936:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:947:10)
    at Module.load (internal/modules/cjs/loader.js:790:32)

Additional info:

$ zcli net enr IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk 
input: IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk
invalid ENR RLP encoding
rlp: expected List
twoeths commented Jun 24, 2020

after the fix, it should throw Error "Failed to verify enr: No public key"
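As an added example (not code from the discv5 project or from either commenter), the following sketches the check the issue asks for: decode an "enr:" text record, confirm the RLP payload is a flat list of key/value pairs, and refuse to call the signature backend unless a plausible compressed secp256k1 key is present, so a mutated record fails with a plain Error such as "Failed to verify enr: No public key" instead of a TypeError from the crypto library. Assumptions: the RLP codec is a hand-written subset (byte strings and one flat list) written for this example, `verifySig` is a caller-supplied verifier (the real v4 scheme is secp256k1 over keccak256 of the content), and all sample values are constructed filler, not real keys or signatures.

```javascript
// Added example, not discv5 project code. Minimal ENR text decoder plus the
// "public key must exist and look valid" guard applied before crypto is called.

// ---- RLP subset: encoding (byte strings and one flat list) ----
function encodeLength(len, offset) {
  if (len < 56) return Buffer.from([offset + len]);
  let hex = len.toString(16);
  if (hex.length % 2) hex = "0" + hex;
  const lenBytes = Buffer.from(hex, "hex");
  return Buffer.concat([Buffer.from([offset + 55 + lenBytes.length]), lenBytes]);
}
function rlpEncodeBytes(buf) {
  if (buf.length === 1 && buf[0] < 0x80) return buf; // single small byte is its own encoding
  return Buffer.concat([encodeLength(buf.length, 0x80), buf]);
}
function rlpEncodeList(items) {
  const body = Buffer.concat(items.map(rlpEncodeBytes));
  return Buffer.concat([encodeLength(body.length, 0xc0), body]);
}

// ---- RLP subset: decoding; returns [value, nextOffset], lists become arrays ----
function rlpDecodeAt(buf, pos) {
  if (pos >= buf.length) throw new Error("rlp: unexpected end of input");
  const b = buf[pos];
  if (b < 0x80) return [buf.subarray(pos, pos + 1), pos + 1];
  if (b < 0xb8) return slicePayload(buf, pos + 1, b - 0x80, false);
  if (b < 0xc0) return slicePayload(buf, ...longLength(buf, pos, b - 0xb7), false);
  if (b < 0xf8) return slicePayload(buf, pos + 1, b - 0xc0, true);
  return slicePayload(buf, ...longLength(buf, pos, b - 0xf7), true);
}
function longLength(buf, pos, n) {
  const lenBytes = buf.subarray(pos + 1, pos + 1 + n);
  if (lenBytes.length !== n) throw new Error("rlp: truncated length prefix");
  return [pos + 1 + n, parseInt(lenBytes.toString("hex"), 16)]; // [payloadStart, payloadLen]
}
function slicePayload(buf, start, len, isList) {
  const end = start + len;
  if (end > buf.length) throw new Error("rlp: truncated payload");
  if (!isList) return [buf.subarray(start, end), end];
  const items = [];
  for (let p = start; p < end; ) { const [v, next] = rlpDecodeAt(buf, p); items.push(v); p = next; }
  return [items, end];
}

// ---- ENR text layer: "enr:" + base64url(RLP([signature, seq, k1, v1, k2, v2, ...])) ----
function decodeTxt(txt) {
  if (typeof txt !== "string" || !txt.startsWith("enr:")) throw new Error("ENR text must start with 'enr:'");
  const raw = Buffer.from(txt.slice(4).replace(/-/g, "+").replace(/_/g, "/"), "base64");
  const [values, end] = rlpDecodeAt(raw, 0);
  if (!Array.isArray(values)) throw new Error("invalid ENR RLP encoding: expected list");
  if (end !== raw.length) throw new Error("invalid ENR RLP encoding: trailing bytes");
  if (!values.every(Buffer.isBuffer)) throw new Error("invalid ENR: nested list not allowed");
  if (values.length < 2 || values.length % 2 !== 0) throw new Error("invalid ENR: odd number of key/value elements");
  const [signature, seq, ...pairs] = values;
  const kv = new Map();
  for (let i = 0; i < pairs.length; i += 2) kv.set(pairs[i].toString("utf8"), pairs[i + 1]);
  // v4 signs the RLP list of everything after the signature.
  return { signature, seq, kv, content: rlpEncodeList(values.slice(1)) };
}

// ---- The guard: validate what the crypto backend will receive, fail with a plain Error ----
function verifyEnr(record, verifySig) {
  const pub = record.kv.get("secp256k1");
  if (pub === undefined) throw new Error("Failed to verify enr: No public key");
  // Compressed secp256k1 point: 33 bytes, leading 0x02 or 0x03.
  if (pub.length !== 33 || (pub[0] !== 0x02 && pub[0] !== 0x03)) throw new Error("Failed to verify enr: Invalid public key");
  if (record.signature.length !== 64) throw new Error("Failed to verify enr: Invalid signature length");
  if (!verifySig(record.content, record.signature, pub)) throw new Error("Failed to verify enr: Invalid signature");
  return true;
}

// Helper to build "enr:" strings for constructed test records.
function encodeTxt(signature, seq, pairs) {
  const items = [signature, seq, ...pairs.flatMap(([k, v]) => [Buffer.from(k), v])];
  return "enr:" + rlpEncodeList(items).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed sample values (filler bytes, not real keys or signatures).
const SAMPLE_SIG = Buffer.alloc(64, 0xab);
const SAMPLE_SEQ = Buffer.from([0x01]);
const SAMPLE_PUB = Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32, 0x11)]);
const GOOD_ENR = encodeTxt(SAMPLE_SIG, SAMPLE_SEQ,
  [["id", Buffer.from("v4")], ["ip", Buffer.from([127, 0, 0, 1])], ["secp256k1", SAMPLE_PUB]]);
// Same record with a corrupted key name, the kind of mutation a fuzzer produces: no "secp256k1" entry remains.
const NO_KEY_ENR = encodeTxt(SAMPLE_SIG, SAMPLE_SEQ,
  [["id", Buffer.from("v4")], ["ip", Buffer.from([127, 0, 0, 1])], ["secp256kX", SAMPLE_PUB]]);

// Assumed verifier for the demo; a real deployment passes its secp256k1/keccak256 check here.
const acceptAll = () => true;

// Decode and verify, reporting the error class so callers can see it is a plain Error, not a TypeError.
function checkRecord(txt, verifySig = acceptAll) {
  try { return { ok: verifyEnr(decodeTxt(txt), verifySig) }; }
  catch (e) { return { ok: false, error: e.message, type: e.constructor.name }; }
}

module.exports = { decodeTxt, verifyEnr, encodeTxt, checkRecord, GOOD_ENR, NO_KEY_ENR, SAMPLE_PUB, SAMPLE_SIG };
```

Running `checkRecord(NO_KEY_ENR)` yields a plain Error with the message "Failed to verify enr: No public key"; every structural complaint (not a list, trailing bytes, odd element count, bad key shape) is raised by the ENR layer before the signature function sees any argument, which is the property the fix described above restores.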
