Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add validation of allowed CrdsValues in gossip #4764

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add validation of allowed CrdsValues in gossip #4764

wants to merge 3 commits into from
+37 −6

Conversation

alexpyattaev
Copy link

Protocol enum variants can now be pruned better in Sanitize impl

Problem

Sanitize implementation allowed certain invalid PullRequest variants to travel through the code

Summary of Changes

  • Expand Sanitize impl to eliminate values that should not be present in valid traffic.

add validation of allowed CrdsValues in gossip
d7dd5f3 
Protocol enum variants can now be pruned better in Sanitize impl
gregcusack
gregcusack reviewed Feb 3, 2025
View reviewed changes
Copy link

@gregcusack gregcusack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i know its just a draft pr rn. big question is if we can actually get rid of LegacyVersion

gossip/src/protocol.rs
Comment on lines +170 to +172
CrdsData::LegacyVersion(_) => {
return Err(SanitizeError::InvalidValue);
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@behzadnouri, do we still need to support LegacyVersion? If not, maybe it makes sense to remove it from CrdsData as well.

gossip/src/protocol.rs Outdated Show resolved Hide resolved
gossip/src/protocol.rs
Comment on lines +182 to +192
for v in val {
match v.data() {
CrdsData::LegacyVersion(_) => {
return Err(SanitizeError::InvalidValue);
}
_ => {
v.sanitize()?;
}
}
}
Ok(())
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we are going to reject LegacyVersion, I would just reject and return an error here:

agave/gossip/src/crds_data.rs

Line 92 in 15a9d9c

CrdsData::LegacyVersion(version) => version.sanitize(),
.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess so, yes. The question is what is the standard of proof to properly deprecate it for good.

@alexpyattaev @gregcusack
Update gossip/src/protocol.rs
fa70b00 
Style change for PullRequest sanitize.

Co-authored-by: Greg Cusack <[email protected]>
@alexpyattaev alexpyattaev marked this pull request as ready for review February 4, 2025 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gregcusack gregcusack gregcusack left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexpyattaev @gregcusack