[FAB-2616] Fix potential crash in cauthdsl

https://jira.hyperledger.org/browse/FAB-2616 There was an outstanding FIXME in the cauthdsl code which ignored an error. In the case that the supplied identity could not be deserialized, the cuathdsl would dereference a null pointer and crash. This CR fixes this issue and moves some mock code to the test. Change-Id: Ied5daa4d6f6f9961c8617a282590d3d79317f407 Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
hyperledger · Mar 7, 2017 · 5cdb17d · 5cdb17d
1 parent 30a0e21
commit 5cdb17d
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 81 deletions.
diff --git a/common/cauthdsl/cauthdsl.go b/common/cauthdsl/cauthdsl.go
@@ -19,12 +19,9 @@ package cauthdsl
 import (
  "fmt"
 
- "bytes"
-
  "github.com/hyperledger/fabric/msp"
  cb "github.com/hyperledger/fabric/protos/common"
  "github.com/op/go-logging"
- "github.com/syndtr/goleveldb/leveldb/errors"
 )
 
 var cauthdslLogger = logging.MustGetLogger("cauthdsl")
@@ -73,13 +70,16 @@ func compile(policy *cb.SignaturePolicy, identities []*cb.MSPPrincipal, deserial
  if used[i] {
  continue
  }
- // FIXME: what should I do with the error below?
- identity, _ := deserializer.DeserializeIdentity(sd.Identity)
- err := identity.SatisfiesPrincipal(signedByID)
+ identity, err := deserializer.DeserializeIdentity(sd.Identity)
+ if err != nil {
+ cauthdslLogger.Errorf("Principal deserialization failed: (%s) for identity %v", err, sd.Identity)
+ continue
+ }
+ err = identity.SatisfiesPrincipal(signedByID)
  if err == nil {
  err := identity.Verify(sd.Data, sd.Signature)
  if err == nil {
- cauthdslLogger.Debugf("Principal evaluation succeeds: (%s)", t, used)
+ cauthdslLogger.Debugf("Principal evaluation succeeds: (%s) (used %s)", t, used)
  used[i] = true
  return true
  }
@@ -92,77 +92,3 @@ func compile(policy *cb.SignaturePolicy, identities []*cb.MSPPrincipal, deserial
  return nil, fmt.Errorf("Unknown type: %T:%v", t, t)
  }
 }
-
-// FIXME: remove the code below as soon as we can use MSP from the policy manager code
-var invalidSignature = []byte("badsigned")
-
-type mockIdentity struct {
- idBytes []byte
-}
-
-func (id *mockIdentity) SatisfiesPrincipal(p *cb.MSPPrincipal) error {
- if bytes.Compare(id.idBytes, p.Principal) == 0 {
- return nil
- } else {
- return errors.New("Principals do not match")
- }
-}
-
-func (id *mockIdentity) GetIdentifier() *msp.IdentityIdentifier {
- return &msp.IdentityIdentifier{Mspid: "Mock", Id: "Bob"}
-}
-
-func (id *mockIdentity) GetMSPIdentifier() string {
- return "Mock"
-}
-
-func (id *mockIdentity) Validate() error {
- return nil
-}
-
-func (id *mockIdentity) GetOrganizationalUnits() []string {
- return []string{"dunno"}
-}
-
-func (id *mockIdentity) Verify(msg []byte, sig []byte) error {
- if bytes.Compare(sig, invalidSignature) == 0 {
- return errors.New("Invalid signature")
- } else {
- return nil
- }
-}
-
-func (id *mockIdentity) VerifyOpts(msg []byte, sig []byte, opts msp.SignatureOpts) error {
- return nil
-}
-
-func (id *mockIdentity) VerifyAttributes(proof []byte, spec *msp.AttributeProofSpec) error {
- return nil
-}
-
-func (id *mockIdentity) Serialize() ([]byte, error) {
- return id.idBytes, nil
-}
-
-func toSignedData(data [][]byte, identities [][]byte, signatures [][]byte) ([]*cb.SignedData, []bool) {
- signedData := make([]*cb.SignedData, len(data))
- for i := range signedData {
- signedData[i] = &cb.SignedData{
- Data: data[i],
- Identity: identities[i],
- Signature: signatures[i],
- }
- }
- return signedData, make([]bool, len(signedData))
-}
-
-type mockDeserializer struct {
-}
-
-func NewMockDeserializer() msp.IdentityDeserializer {
- return &mockDeserializer{}
-}
-
-func (md *mockDeserializer) DeserializeIdentity(serializedIdentity []byte) (msp.Identity, error) {
- return &mockIdentity{idBytes: serializedIdentity}, nil
-}
diff --git a/common/cauthdsl/cauthdsl_test.go b/common/cauthdsl/cauthdsl_test.go
@@ -17,12 +17,89 @@ limitations under the License.
 package cauthdsl
 
 import (
+ "bytes"
+ "errors"
  "testing"
 
+ "github.com/hyperledger/fabric/msp"
+
  "github.com/golang/protobuf/proto"
  cb "github.com/hyperledger/fabric/protos/common"
 )
 
+var invalidSignature = []byte("badsigned")
+
+type mockIdentity struct {
+ idBytes []byte
+}
+
+func (id *mockIdentity) SatisfiesPrincipal(p *cb.MSPPrincipal) error {
+ if bytes.Compare(id.idBytes, p.Principal) == 0 {
+ return nil
+ } else {
+ return errors.New("Principals do not match")
+ }
+}
+
+func (id *mockIdentity) GetIdentifier() *msp.IdentityIdentifier {
+ return &msp.IdentityIdentifier{Mspid: "Mock", Id: "Bob"}
+}
+
+func (id *mockIdentity) GetMSPIdentifier() string {
+ return "Mock"
+}
+
+func (id *mockIdentity) Validate() error {
+ return nil
+}
+
+func (id *mockIdentity) GetOrganizationalUnits() []string {
+ return []string{"dunno"}
+}
+
+func (id *mockIdentity) Verify(msg []byte, sig []byte) error {
+ if bytes.Compare(sig, invalidSignature) == 0 {
+ return errors.New("Invalid signature")
+ } else {
+ return nil
+ }
+}
+
+func (id *mockIdentity) VerifyOpts(msg []byte, sig []byte, opts msp.SignatureOpts) error {
+ return nil
+}
+
+func (id *mockIdentity) VerifyAttributes(proof []byte, spec *msp.AttributeProofSpec) error {
+ return nil
+}
+
+func (id *mockIdentity) Serialize() ([]byte, error) {
+ return id.idBytes, nil
+}
+
+func toSignedData(data [][]byte, identities [][]byte, signatures [][]byte) ([]*cb.SignedData, []bool) {
+ signedData := make([]*cb.SignedData, len(data))
+ for i := range signedData {
+ signedData[i] = &cb.SignedData{
+ Data: data[i],
+ Identity: identities[i],
+ Signature: signatures[i],
+ }
+ }
+ return signedData, make([]bool, len(signedData))
+}
+
+type mockDeserializer struct {
+}
+
+func NewMockDeserializer() msp.IdentityDeserializer {
+ return &mockDeserializer{}
+}
+
+func (md *mockDeserializer) DeserializeIdentity(serializedIdentity []byte) (msp.Identity, error) {
+ return &mockIdentity{idBytes: serializedIdentity}, nil
+}
+
 var validSignature = []byte("signed")
 var signers = [][]byte{[]byte("signer0"), []byte("signer1")}
 var msgs = [][]byte{nil, nil}