Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit use of panicky-macros #4446

Open
zbuc opened this issue May 23, 2024 · 3 comments
Open

Audit use of panicky-macros #4446

zbuc opened this issue May 23, 2024 · 3 comments
Labels
liveness _P-high High priority _P-V1 Priority: slated for V1 release security Issues or work related to security.
Milestone
Sprint 10

Comments

@zbuc
Copy link
Member

zbuc commented May 23, 2024

In #4444 @cratelyn noted that the use of the unimplemented!() macro in RPCs can allow a malicious client to crash the node software.

I performed a brief search through the codebase and saw several other calls to unimplemented elsewhere. We should audit the codebase for panicky macros (panic, unimplemented, todo, etc.) and ensure they're unable to crash node software.
@zbuc zbuc added the _P-V1 Priority: slated for V1 release label May 23, 2024
@github-actions github-actions bot added the needs-refinement unclear, incomplete, or stub issue that needs work label May 23, 2024
@zbuc zbuc added C-chore Codebase maintenance that doesn't fix bugs or add features, and isn't urgent or blocking. security Issues or work related to security. liveness and removed C-chore Codebase maintenance that doesn't fix bugs or add features, and isn't urgent or blocking. labels May 23, 2024
@erwanor
Copy link
Member

erwanor commented May 23, 2024

It should only interrupt the connection right? if it makes the full node panic we need to do this immediately

@cratelyn
Copy link
Contributor

i'm not sure if there is comet behavior involved when you say "full node panic" but yes, unimplemented!, todo!, and co. will cause the current thread to panic. if panics are exposed in any publicly accessible endpoints, they almost always end up being DDoS-shaped bugs.

@cratelyn cratelyn mentioned this issue May 23, 2024
Merged
1 task
@zbuc
Copy link
Member Author

zbuc commented May 23, 2024
edited
Loading

I just tested this by adding a panic to the batch_swap_output_data RPC. Good news is that the entire node does not crash; I think Tonic handles recovery from the task's panic. Even running a client calling the crashy RPC in a loop didn't prevent other services on the Dex RPC from being called simultaneously.

This work may not need to be completed after all, or is at least lower-priority than we initially thought.

@zbuc zbuc removed the _P-V1 Priority: slated for V1 release label May 23, 2024
@aubrika aubrika added _P-V1 Priority: slated for V1 release _P-high High priority and removed needs-refinement unclear, incomplete, or stub issue that needs work labels May 29, 2024
@aubrika aubrika added this to the Sprint 8 milestone May 30, 2024
@erwanor erwanor mentioned this issue Jun 3, 2024
Merged
1 task
@aubrika aubrika modified the milestones: Sprint 8, Sprint 9 Jul 15, 2024
@aubrika aubrika modified the milestones: Sprint 9, Sprint 10 Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
liveness _P-high High priority _P-V1 Priority: slated for V1 release security Issues or work related to security.
Projects
Penumbra
Status: Todo
Milestone
Sprint 10
Development

No branches or pull requests
4 participants
@zbuc @erwanor @cratelyn @aubrika