Skip to content

Fix unmarshal values #788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mbrandenburger merged 2 commits into from
Apr 11, 2025
Merged

Fix unmarshal values #788

mbrandenburger merged 2 commits into from
Apr 11, 2025

Conversation

@mbrandenburger
Copy link
Contributor

@mbrandenburger mbrandenburger commented Mar 30, 2025

This PR fixes an issue where a malicious key is used that might cause a null pointer dereferencing in
unmarshal_values, which may crash the enclave.

@mbrandenburger mbrandenburger added the bug Something isn't working label Mar 30, 2025
@mbrandenburger mbrandenburger requested a review from a team as a code owner March 30, 2025 01:18
@mbrandenburger mbrandenburger force-pushed the fix-unmarshal-values branch 2 times, most recently from 7a09456 to 29681cf Compare March 30, 2025 18:48
@chenchanglew
Copy link
Contributor

chenchanglew commented Apr 2, 2025

Double-checked the pipeline — the new test case has been executed and passed successfully.

=== RUN   TestMustNotCrash  
    crash_test.go:17: Use channel: mychannel, chaincode ID: crash  
[fabsdk/core] 2025/03/30 19:10:01 UTC - cryptosuite.GetDefault -> INFO No default cryptosuite found, using default SW implementation  
--- PASS: TestMustNotCrash (4.09s)  
PASS  
ok  	github.com/hyperledger/fabric-private-chaincode/integration/crashtest/unmarshal_values/test	4.108s

@ryjones ryjones force-pushed the fix-unmarshal-values branch from 29681cf to fc1f7ef Compare April 4, 2025 13:50
munapower
munapower approved these changes Apr 10, 2025
View reviewed changes
Copy link
Contributor

@munapower munapower left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At a high level the code looks good and Zac was able to verify that the test worked.

@mbrandenburger
Add crash test for unmarshal_values
4c5192f 
- adding a test case that tries submids a malicous key that might cause
  a null pointer dereferencing in
  `get_public_state_by_partial_composite_key`, which may crash the
  enclave

Signed-off-by: Marcus Brandenburger <bur@zurich.ibm.com>
@mbrandenburger
Fix null pointer issuer in unmarshal_values
57209ec 
Signed-off-by: Marcus Brandenburger <bur@zurich.ibm.com>
@mbrandenburger mbrandenburger merged commit 1e92847 into hyperledger:main Apr 11, 2025
4 checks passed
@mbrandenburger mbrandenburger deleted the fix-unmarshal-values branch April 11, 2025 06:54
@mwlik
Copy link

mwlik commented Jul 14, 2025

Hi @mbrandenburger, can I have a response on my report concerning this bug? it's been months!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@munapower munapower munapower approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mbrandenburger @chenchanglew @mwlik @munapower