[Crash/Fuzzing] "AssertionError" inside bcrypto library when parsing invalid ENR string. #70

Closed
pventuzelo opened this issue Jul 15, 2020 · 1 comment · Fixed by #90

pventuzelo commented Jul 15, 2020

Describe the bug

When providing a specific string to discv5.ENR.decodeTxt function, an AssertionError inside bcrypto is triggered (see here)

This bug has been found by the community using beacon-fuzz and reported in our repository here. Kudos to @Buttaa for the finding !!

Steps to Reproduce

enr_typeerror_sig_lodestar.js:

// Decode the hex-encoded fuzzer input back to ENR text and pass it to the ENR parser.
const discv5 = require("@chainsafe/discv5");
const buf = Buffer.from("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", 'hex').toString();
console.log(buf);
discv5.ENR.decodeTxt(buf);

Run:

$ npm i @chainsafe/discv5

$ nodejs ../beacon-fuzz/enr_typeerror_sig_lodestar.js
enr:-Kv4QAGwOT8StqmwI5LHaIymIO4ooFKfNkEjWa0f1P8OsElgBh2Ijb-GrD_-b9W4kcPFcwyn5HEQmRcqXNqdpVo1heoBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpAAAAAAAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQJxCnE6v_x2ekgY_uoE1rtwzvGy40mq9eD66XfHPBWgIIN1ZHCCD6A

/tmp/tess/node_modules/bsert/lib/assert.js:84
    throw new AssertionError({
    ^

AssertionError [ERR_ASSERTION]: Assertion failed.
    at ECDSA.verify (/tmp/tess/node_modules/bcrypto/lib/js/ecdsa.js:600:5)
    at Object.verify (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/v4.js:23:22)
    at Map.verify (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:197:19)
    at Function.decodeFromValues (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:55:18)
    at Function.decode (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:62:20)
    at Function.decodeTxt (/tmp/tess/node_modules/@chainsafe/discv5/lib/enr/enr.js:68:20)
    at Object.<anonymous> (/tmp/tess/titi.js:4:12)
    at Module._compile (internal/modules/cjs/loader.js:1256:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1277:10)
    at Module.load (internal/modules/cjs/loader.js:1105:32) {
  type: 'AssertionError',
  code: 'ERR_ASSERTION',
  generatedMessage: true,
  actual: false,
  expected: true,
  operator: '=='
}

Desktop (please complete the following information):

pventuzelo changed the title on Aug 1, 2020:
from: [Crash/Fuzzing] "TypeError: signature must be a Buffer" when parsing invalid ENR string.
to: [Crash/Fuzzing] "AssertionError" inside bcrypto library when parsing invalid ENR string.
@pventuzelo
Author

I've updated the issue since, on the last version of nodejs, this bug triggers the "Assertion error".
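
An added example, not part of the original report or of the discv5 code base: in the ENR string printed in the report, the first RLP item (the signature slot) carries a list prefix (0xf8 0x40) where a 64-byte string prefix (0xb8 0x40) is expected. The sketch below reads only the top-level RLP headers and rejects such a record before any signature verification; the function names are hypothetical, and the 64-byte length assumes the v4 identity scheme.

```javascript
// Added example; function names are hypothetical, not the discv5 API.
const SAMPLE_ENR = "enr:-Kv4QAGwOT8StqmwI5LHaIymIO4ooFKfNkEjWa0f1P8OsElgBh2Ijb-GrD_-b9W4kcPFcwyn5HEQmRcqXNqdpVo1heoBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpAAAAAAAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQJxCnE6v_x2ekgY_uoE1rtwzvGy40mq9eD66XfHPBWgIIN1ZHCCD6A"; // record printed in the report

// Read one RLP item header at `off`; does not recurse into the payload.
function rlpHeader(buf, off) {
  if (off >= buf.length) throw new Error("truncated RLP");
  const b = buf[off];
  if (b < 0x80) return { kind: "string", start: off, len: 1 };
  const isList = b >= 0xc0;
  let len = b - (isList ? 0xc0 : 0x80);
  let start = off + 1;
  if (len > 55) { // long form: the next (len - 55) bytes hold the length
    const n = len - 55;
    if (n > 4 || start + n > buf.length) throw new Error("bad RLP length");
    len = buf.readUIntBE(start, n);
    start += n;
  }
  if (start + len > buf.length) throw new Error("RLP payload exceeds input");
  return { kind: isList ? "list" : "string", start, len };
}

// Top-level items of an ENR text record: [signature, seq, k, v, ...].
function enrTopLevelItems(text) {
  if (!text.startsWith("enr:")) throw new Error("missing enr: prefix");
  // Node's "base64" decoder also accepts the URL-safe alphabet used by ENR text.
  const buf = Buffer.from(text.slice(4), "base64");
  const outer = rlpHeader(buf, 0);
  if (outer.kind !== "list" || outer.start + outer.len !== buf.length) {
    throw new Error("record is not a single RLP list");
  }
  const items = [];
  for (let off = outer.start; off < buf.length; ) {
    const h = rlpHeader(buf, off);
    items.push({ kind: h.kind, data: buf.subarray(h.start, h.start + h.len) });
    off = h.start + h.len;
  }
  return items;
}

// Pre-verification check: signature must be a 64-byte string (assumed v4: r || s).
function checkSignatureShape(text) {
  const [sig] = enrTopLevelItems(text);
  if (!sig) return "reject: empty record";
  if (sig.kind !== "string") return "reject: signature is an RLP " + sig.kind;
  if (sig.data.length !== 64) return "reject: signature length " + sig.data.length;
  return "ok";
}
console.log(checkSignatureShape(SAMPLE_ENR));
```

Running the same check in a `try`/`catch` around the decoder call lets a node drop a malformed record instead of terminating on the exception.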
