Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Crash/Fuzzing] "AssertionError" inside bcrypto library when parsing invalid ENR string. #70

Closed
pventuzelo opened this issue Jul 15, 2020 · 1 comment · Fixed by #90
Closed

Comments

@pventuzelo
Copy link

pventuzelo commented Jul 15, 2020

Describe the bug

When providing a specific string to discv5.ENR.decodeTxt function, an AssertionError inside bcrypto is triggered (see here)

This bug has been found by the community using beacon-fuzz and reported in our repository here. Kudos to @Buttaa for the finding !!

Steps to Reproduce

enr_typeerror_sig_lodestar.js:

var discv5 = require("@chainsafe/discv5");
buf = Buffer.from("656e723a2d4b7634514147774f54385374716d7749354c486149796d494f346f6f464b664e6b456a576130663150384f73456c67426832496a622d4772445f2d623957346b6350466377796e354845516d526371584e716470566f3168656f42683246306447356c64484f494141414141414141414143455a58526f4d704141414141414141414141505f5f5f5f5f5f5f5f5f5f676d6c6b676e5930676d6c7768424c663232534a6332566a634449314e6d73786f514a78436e4536765f7832656b67595f756f45317274777a76477934306d7139654436365866485042576749494e315a48437f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f434436410d0a", 'hex').toString()
console.log(buf)
discv5.ENR.decodeTxt(buf);

Run:

$ npm i @chainsafe/discv5

$ nodejs ../beacon-fuzz/enr_typeerror_sig_lodestar.js
enr:-Kv4QAGwOT8StqmwI5LHaIymIO4ooFKfNkEjWa0f1P8OsElgBh2Ijb-GrD_-b9W4kcPFcwyn5HEQmRcqXNqdpVo1heoBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpAAAAAAAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQJxCnE6v_x2ekgY_uoE1rtwzvGy40mq9eD66XfHPBWgIIN1ZHCCD6A

/tmp/tess/node_modules/bsert/lib/assert.js:84
    throw new AssertionError({
    ^

AssertionError [ERR_ASSERTION]: Assertion failed.
    at ECDSA.verify (/tmp/tess/node_modules/bcrypto/lib/js/ecdsa.js:600:5)
    at Object.verify (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/v4.js:23:22)
    at Map.verify (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:197:19)
    at Function.decodeFromValues (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:55:18)
    at Function.decode (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:62:20)
    at Function.decodeTxt (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:68:20)
    at Object.<anonymous> (/tmp/tess/titi.js:4:12)
    at Module._compile (internal/modules/cjs/loader.js:1256:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1277:10)
    at Module.load (internal/modules/cjs/loader.js:1105:32) {
  type: 'AssertionError',
  code: 'ERR_ASSERTION',
  generatedMessage: true,
  actual: false,
  expected: true,
  operator: '=='
}

Desktop (please complete the following information):

@pventuzelo pventuzelo changed the title [Crash/Fuzzing] "TypeError: signature must be a Buffer" when parsing invalid ENR string. [Crash/Fuzzing] "AssertionError" inside bcrypto library when parsing invalid ENR string. Aug 1, 2020
@pventuzelo
Copy link
Author

pventuzelo commented Aug 1, 2020

I've updated the issue since on last version of nodejs, this bug trigger the "Assertion error".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant