[FAB-3497] Removing the hash from gossip dataMsg

The hash field isn't used anywhere but in the protos comparator function to compare 2 ledger blocks disseminated. This imposes a security vulnerability: A malicious peer can send blocks with an arbitrary hash in the hash field of the DataMsg, and then these messages would enter the in-memory stores and fill up the memory. Since we have no use of the block hash of our own message, I am removing it entirely. Change-Id: Ic22ed3d06f102795c8f2a74b27063848affc926a Signed-off-by: Yacov Manevich <yacovm@il.ibm.com>
hyperledger · May 1, 2017 · 1acb65f · 1acb65f
1 parent 1195f2f
commit 1acb65f
Show file tree

Hide file tree

Showing 11 changed files with 137 additions and 152 deletions.
diff --git a/gossip/comm/mock/mock_comm_test.go b/gossip/comm/mock/mock_comm_test.go
@@ -76,7 +76,10 @@ func TestMockComm_PingPong(t *testing.T) {
  peerA.Send((&proto.GossipMessage{
  Content: &proto.GossipMessage_DataMsg{
  &proto.DataMessage{
- &proto.Payload{1, "", []byte("Ping")},
+ &proto.Payload{
+ SeqNum: 1,
+ Data: []byte("Ping"),
+ },
  }},
  }).NoopSign(), &comm.RemotePeer{"peerB", common.PKIidType("peerB")})
 
@@ -88,7 +91,10 @@ func TestMockComm_PingPong(t *testing.T) {
  msg.Respond(&proto.GossipMessage{
  Content: &proto.GossipMessage_DataMsg{
  &proto.DataMessage{
- &proto.Payload{1, "", []byte("Pong")},
+ &proto.Payload{
+ SeqNum: 1,
+ Data: []byte("Pong"),
+ },
  }},
  })
 

diff --git a/gossip/gossip/channel/channel_test.go b/gossip/gossip/channel/channel_test.go
@@ -1393,7 +1393,6 @@ func dataMsgOfChannel(seqnum uint64, channel common.ChainID) *proto.SignedGossip
  DataMsg: &proto.DataMessage{
  Payload: &proto.Payload{
  Data: []byte{},
- Hash: "",
  SeqNum: seqnum,
  },
  },
@@ -1441,7 +1440,6 @@ func createDataMsg(seqnum uint64, channel common.ChainID) *proto.SignedGossipMes
  DataMsg: &proto.DataMessage{
  Payload: &proto.Payload{
  Data: []byte{},
- Hash: "",
  SeqNum: seqnum,
  },
  },

diff --git a/gossip/gossip/gossip_test.go b/gossip/gossip/gossip_test.go
@@ -330,7 +330,7 @@ func TestPull(t *testing.T) {
  }
 
  for i := 1; i <= msgsCount2Send; i++ {
- boot.Gossip(createDataMsg(uint64(i), []byte{}, "", common.ChainID("A")))
+ boot.Gossip(createDataMsg(uint64(i), []byte{}, common.ChainID("A")))
  }
 
  waitUntilOrFail(t, knowAll)
@@ -564,7 +564,7 @@ func TestDissemination(t *testing.T) {
  t.Log("Membership establishment took", time.Since(membershipTime))
 
  for i := 1; i <= msgsCount2Send; i++ {
- boot.Gossip(createDataMsg(uint64(i), []byte{}, "", common.ChainID("A")))
+ boot.Gossip(createDataMsg(uint64(i), []byte{}, common.ChainID("A")))
  }
 
  t2 := time.Now()
@@ -902,8 +902,8 @@ func TestDataLeakage(t *testing.T) {
  }
 
  t1 = time.Now()
- peers[0].Gossip(createDataMsg(1, []byte{}, "", channels[0]))
- peers[n/2].Gossip(createDataMsg(2, []byte{}, "", channels[1]))
+ peers[0].Gossip(createDataMsg(1, []byte{}, channels[0]))
+ peers[n/2].Gossip(createDataMsg(2, []byte{}, channels[1]))
  waitUntilOrFailBlocking(t, gotMessages)
  t.Log("Dissemination took", time.Since(t1))
  stop := func() {
@@ -972,7 +972,7 @@ func TestDisseminateAll2All(t *testing.T) {
  blockStartIndex := i * 10
  for j := 0; j < 10; j++ {
  blockSeq := uint64(j + blockStartIndex)
- peers[i].Gossip(createDataMsg(blockSeq, []byte{}, "", common.ChainID("A")))
+ peers[i].Gossip(createDataMsg(blockSeq, []byte{}, common.ChainID("A")))
  }
  }(i)
  }
@@ -1044,7 +1044,7 @@ func TestEndedGoroutines(t *testing.T) {
  ensureGoroutineExit(t)
 }
 
-func createDataMsg(seqnum uint64, data []byte, hash string, channel common.ChainID) *proto.GossipMessage {
+func createDataMsg(seqnum uint64, data []byte, channel common.ChainID) *proto.GossipMessage {
  return &proto.GossipMessage{
  Channel: []byte(channel),
  Nonce: 0,
@@ -1053,7 +1053,6 @@ func createDataMsg(seqnum uint64, data []byte, hash string, channel common.Chain
  DataMsg: &proto.DataMessage{
  Payload: &proto.Payload{
  Data: data,
- Hash: hash,
  SeqNum: seqnum,
  },
  },

diff --git a/gossip/gossip/pull/pullstore_test.go b/gossip/gossip/pull/pullstore_test.go
@@ -332,7 +332,6 @@ func dataMsg(seqNum int) *proto.SignedGossipMessage {
  DataMsg: &proto.DataMessage{
  Payload: &proto.Payload{
  Data: []byte{},
- Hash: "",
  SeqNum: uint64(seqNum),
  },
  },

diff --git a/gossip/state/payloads_buffer_test.go b/gossip/state/payloads_buffer_test.go
@@ -18,7 +18,6 @@ package state
 
 import (
  "crypto/rand"
- "fmt"
  "sync"
  "sync/atomic"
  "testing"
@@ -33,30 +32,16 @@ func init() {
  util.SetupTestLogging()
 }
 
-func uuid() (string, error) {
- uuid := make([]byte, 16)
- _, err := rand.Read(uuid)
- if err != nil {
- return "", err
- }
- uuid[8] = uuid[8]&^0xc0 | 0x80
-
- uuid[6] = uuid[6]&^0xf0 | 0x40
- return fmt.Sprintf("%x-%x-%x-%x-%x", uuid[0:4], uuid[4:6], uuid[6:8], uuid[8:10], uuid[10:]), nil
-}
-
 func randomPayloadWithSeqNum(seqNum uint64) (*proto.Payload, error) {
  data := make([]byte, 64)
  _, err := rand.Read(data)
  if err != nil {
  return nil, err
  }
- uuid, err := uuid()
- if err != nil {
- return nil, err
- }
-
- return &proto.Payload{seqNum, uuid, data}, nil
+ return &proto.Payload{
+ SeqNum: seqNum,
+ Data: data,
+ }, nil
 }
 
 func TestNewPayloadsBuffer(t *testing.T) {

diff --git a/gossip/state/state.go b/gossip/state/state.go
@@ -343,7 +343,6 @@ func (s *GossipStateProviderImpl) handleStateRequest(msg proto.ReceivedMessage)
  response.Payloads = append(response.Payloads, &proto.Payload{
  SeqNum: seqNum,
  Data: blockBytes,
- Hash: string(blocks[0].Header.Hash()),
  })
  }
  // Sending back response with missing blocks

diff --git a/gossip/state/state_test.go b/gossip/state/state_test.go
@@ -394,7 +394,10 @@ func TestAccessControl(t *testing.T) {
  for i := 1; i <= msgCount; i++ {
  rawblock := pcomm.NewBlock(uint64(i), []byte{})
  if b, err := pb.Marshal(rawblock); err == nil {
- payload := &proto.Payload{uint64(i), "", b}
+ payload := &proto.Payload{
+ SeqNum: uint64(i),
+ Data: b,
+ }
  bootstrapSet[0].s.AddPayload(payload)
  } else {
  t.Fail()
@@ -550,7 +553,10 @@ func TestNewGossipStateProvider_SendingManyMessages(t *testing.T) {
  for i := 1; i <= msgCount; i++ {
  rawblock := pcomm.NewBlock(uint64(i), []byte{})
  if b, err := pb.Marshal(rawblock); err == nil {
- payload := &proto.Payload{uint64(i), "", b}
+ payload := &proto.Payload{
+ SeqNum: uint64(i),
+ Data: b,
+ }
  bootstrapSet[0].s.AddPayload(payload)
  } else {
  t.Fail()
@@ -682,7 +688,10 @@ func TestNewGossipStateProvider_BatchingOfStateRequest(t *testing.T) {
  for i := 1; i <= msgCount; i++ {
  rawblock := pcomm.NewBlock(uint64(i), []byte{})
  if b, err := pb.Marshal(rawblock); err == nil {
- payload := &proto.Payload{uint64(i), "", b}
+ payload := &proto.Payload{
+ SeqNum: uint64(i),
+ Data: b,
+ }
  bootPeer.s.AddPayload(payload)
  } else {
  t.Fail()

diff --git a/protos/gossip/extensions.go b/protos/gossip/extensions.go
@@ -85,10 +85,7 @@ func (mc *msgComparator) identityInvalidationPolicy(thisIdentityMsg *PeerIdentit
 
 func (mc *msgComparator) dataInvalidationPolicy(thisDataMsg *DataMessage, thatDataMsg *DataMessage) common.InvalidationResult {
  if thisDataMsg.Payload.SeqNum == thatDataMsg.Payload.SeqNum {
- if thisDataMsg.Payload.Hash == thatDataMsg.Payload.Hash {
- return common.MessageInvalidated
- }
- return common.MessageNoAction
+ return common.MessageInvalidated
  }
 
  diff := abs(thisDataMsg.Payload.SeqNum, thatDataMsg.Payload.SeqNum)

diff --git a/protos/gossip/extensions_test.go b/protos/gossip/extensions_test.go
@@ -273,17 +273,15 @@ func TestDataMessageInvalidation(t *testing.T) {
  comparator := NewGossipMessageComparator(5)
 
  data := []byte{1, 1, 1}
- sMsg1 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(1, "hash", data))
- sMsg2 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(1, "hash", data))
- sMsg3 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(1, "newHash", data))
- sMsg4 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(2, "newHash", data))
- sMsg5 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(7, "newHash", data))
+ sMsg1 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(1, data))
+ sMsg1Clone := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(1, data))
+ sMsg3 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(2, data))
+ sMsg4 := signedGossipMessage("testChannel", GossipMessage_EMPTY, dataMessage(7, data))
 
- assert.Equal(t, comparator(sMsg1, sMsg2), common.MessageInvalidated)
+ assert.Equal(t, comparator(sMsg1, sMsg1Clone), common.MessageInvalidated)
  assert.Equal(t, comparator(sMsg1, sMsg3), common.MessageNoAction)
- assert.Equal(t, comparator(sMsg1, sMsg4), common.MessageNoAction)
- assert.Equal(t, comparator(sMsg1, sMsg5), common.MessageInvalidated)
- assert.Equal(t, comparator(sMsg5, sMsg1), common.MessageInvalidates)
+ assert.Equal(t, comparator(sMsg1, sMsg4), common.MessageInvalidated)
+ assert.Equal(t, comparator(sMsg4, sMsg1), common.MessageInvalidates)
 }
 
 func TestIdentityMessagesInvalidation(t *testing.T) {
@@ -376,7 +374,7 @@ func TestCheckGossipMessageTypes(t *testing.T) {
  assert.True(t, msg.IsAliveMsg())
 
  // Create gossip data message
- msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, "hash", []byte{1, 2, 3, 4, 5}))
+ msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, []byte{1, 2, 3, 4, 5}))
  assert.True(t, msg.IsDataMsg())
 
  // Create data request message
@@ -436,7 +434,6 @@ func TestCheckGossipMessageTypes(t *testing.T) {
  StateResponse: &RemoteStateResponse{
  Payloads: []*Payload{&Payload{
  SeqNum: 1,
- Hash: "hash",
  Data: []byte{1, 2, 3, 4, 5},
  }},
  },
@@ -497,7 +494,7 @@ func TestGossipPullMessageType(t *testing.T) {
  assert.Equal(t, msg.GetPullMsgType(), PullMsgType_IDENTITY_MSG)
 
  // Create gossip data message
- msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, "hash", []byte{1, 2, 3, 4, 5}))
+ msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, []byte{1, 2, 3, 4, 5}))
  assert.True(t, msg.IsDataMsg())
  assert.Equal(t, msg.GetPullMsgType(), PullMsgType_UNDEFINED)
 }
@@ -506,30 +503,30 @@ func TestGossipMessageDataMessageTagType(t *testing.T) {
  var msg *SignedGossipMessage
  channelID := "testID1"
 
- msg = signedGossipMessage(channelID, GossipMessage_CHAN_AND_ORG, dataMessage(1, "hash", []byte{1}))
+ msg = signedGossipMessage(channelID, GossipMessage_CHAN_AND_ORG, dataMessage(1, []byte{1}))
  assert.True(t, msg.IsChannelRestricted())
  assert.True(t, msg.IsOrgRestricted())
  assert.NoError(t, msg.IsTagLegal())
 
- msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, "hash", []byte{1}))
+ msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, []byte{1}))
  assert.Error(t, msg.IsTagLegal())
 
- msg = signedGossipMessage(channelID, GossipMessage_UNDEFINED, dataMessage(1, "hash", []byte{1}))
+ msg = signedGossipMessage(channelID, GossipMessage_UNDEFINED, dataMessage(1, []byte{1}))
  assert.Error(t, msg.IsTagLegal())
 
- msg = signedGossipMessage(channelID, GossipMessage_ORG_ONLY, dataMessage(1, "hash", []byte{1}))
+ msg = signedGossipMessage(channelID, GossipMessage_ORG_ONLY, dataMessage(1, []byte{1}))
  assert.False(t, msg.IsChannelRestricted())
  assert.True(t, msg.IsOrgRestricted())
 
- msg = signedGossipMessage(channelID, GossipMessage_CHAN_OR_ORG, dataMessage(1, "hash", []byte{1}))
+ msg = signedGossipMessage(channelID, GossipMessage_CHAN_OR_ORG, dataMessage(1, []byte{1}))
  assert.True(t, msg.IsChannelRestricted())
  assert.False(t, msg.IsOrgRestricted())
 
- msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, "hash", []byte{1}))
+ msg = signedGossipMessage(channelID, GossipMessage_EMPTY, dataMessage(1, []byte{1}))
  assert.False(t, msg.IsChannelRestricted())
  assert.False(t, msg.IsOrgRestricted())
 
- msg = signedGossipMessage(channelID, GossipMessage_UNDEFINED, dataMessage(1, "hash", []byte{1}))
+ msg = signedGossipMessage(channelID, GossipMessage_UNDEFINED, dataMessage(1, []byte{1}))
  assert.False(t, msg.IsChannelRestricted())
  assert.False(t, msg.IsOrgRestricted())
 }
@@ -774,7 +771,7 @@ func TestSignedGossipMessage_Verify(t *testing.T) {
 
 func TestEnvelope(t *testing.T) {
  dataMsg := &GossipMessage{
- Content: dataMessage(1, "hash", []byte("data")),
+ Content: dataMessage(1, []byte("data")),
  }
  bytes, err := proto.Marshal(dataMsg)
  assert.NoError(t, err)
@@ -791,7 +788,7 @@ func TestEnvelope(t *testing.T) {
 
 func TestEnvelope_SignSecret(t *testing.T) {
  dataMsg := &GossipMessage{
- Content: dataMessage(1, "hash", []byte("data")),
+ Content: dataMessage(1, []byte("data")),
  }
  bytes, err := proto.Marshal(dataMsg)
  assert.NoError(t, err)
@@ -851,12 +848,11 @@ func stateInfoMessage(incNumber uint64, seqNum uint64, pkid []byte, mac []byte)
  }
 }
 
-func dataMessage(seqNum uint64, hash string, data []byte) *GossipMessage_DataMsg {
+func dataMessage(seqNum uint64, data []byte) *GossipMessage_DataMsg {
  return &GossipMessage_DataMsg{
  DataMsg: &DataMessage{
  Payload: &Payload{
  SeqNum: seqNum,
- Hash: hash,
  Data: data,
  },
  },