Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No length check on pubKeys in Eth2FastAggregateVerify #9737

Closed
dnkolegov opened this issue Oct 5, 2021 · 1 comment · Fixed by #9742
Closed

No length check on pubKeys in Eth2FastAggregateVerify #9737

dnkolegov opened this issue Oct 5, 2021 · 1 comment · Fixed by #9742
Labels
Security Security Related Issues

Comments

@dnkolegov
Copy link

Description

There is no length check on pubKeys slice in Eth2FastAggregateVerify - https://github.com/prysmaticlabs/prysm/blob/develop/crypto/bls/blst/signature.go#L135.

If pubKeys is nil or empty and s is not G2_POINT_AT_INFINITY the function returns result of s.innerFastAggregateVerify(pubKeys, msg). The last function doesn't validate pubKeys.

The spec says that Eth2FastAggregateVerify should return the result of FastAggregateVerify, instead of this innerFastAggregateVerify will be called.
@nisdas nisdas added the Security Security Related Issues label Oct 5, 2021
@nisdas nisdas mentioned this issue Oct 6, 2021
Merged
1 task
@nisdas
Copy link
Member

nisdas commented Oct 6, 2021
edited
Loading

Thanks for the report @dnkolegov , it was previously split out to prevent some redundant calls from being made, but it has been reverted back in #9742 to be more inline with the spec.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Security Security Related Issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bring Eth2FastAggregateVerify Inline With the Spec prysmaticlabs/prysm
2 participants
@dnkolegov @nisdas