deserialization: update codecs to be more defensive on malicious input (
bmwill authored Oct 29, 2022
1 parent fe917ea commit 6def0bb
Showing 16 changed files with 83 additions and 36 deletions.
56 changes: 48 additions & 8 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 4 additions & 4 deletions Cargo.toml
@@ -74,7 +74,7 @@ opt-level = 1
typed-store = "0.4.0"
typed-store-derive = "0.3.0"
telemetry-subscribers = { version = "0.2.0", features = ["jaeger", "tokio-console"] }
mysten-network = "0.2.0"
mysten-network = { git = "https://github.com/MystenLabs/mysten-infra.git", rev = "62dd8c9c4aa0f5ed2c243546d159d9cf2816f3d9" }
name-variant = "0.1.0"
store = { version = "0.4.0", package = "typed-store" }

@@ -101,9 +101,9 @@ move-prover-boogie-backend = { git = "https://github.com/move-language/move", re
fastcrypto = { git = "https://github.com/MystenLabs/fastcrypto", rev = "223ccb31da34823f6f7d940517872b37df08736a" }

# anemo dependencies
anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909" }
anemo-build = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909" }
anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909" }
anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f" }
anemo-build = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f" }
anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f" }

# Use the same workspace-hack across crates.
workspace-hack = { path = "crates/workspace-hack" }
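Review bot: The `mysten-network` entry in the first hunk moves from the crates.io release `0.2.0` to a git rev with no comment recording which upstream change the pin carries or when it can return to a published version. A line above it such as `# git pin for the codec hardening in this commit; go back to a crates.io release once one includes it` would keep the pin from outliving its reason (the reason is inferred from the commit title, so confirm the wording). The workspace-hack manifest on this page lists `mysten-util-mem` from the same mysten-infra repository at rev `d69adb7aa133b6306aea4ddfe3df5fbb5daa9cb2`, so the workspace probably resolves two different commits of that repository; any crate shared between them would then be built twice and its types would not unify. Moving both entries to one rev, if upstream allows, avoids that, and the full 40-character hashes used here and on the `anemo` lines are the right form for a git pin.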
2 changes: 1 addition & 1 deletion crates/sui-benchmark/Cargo.toml
@@ -25,7 +25,7 @@ tracing-subscriber = { version = "0.3.15", features = ["time", "registry", "env-
telemetry-subscribers.workspace = true
clap = { version = "3.1.17", features = ["derive"] }
prometheus = "0.13.2"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
rand = "0.8.5"
base64 = "0.13.0"
rand_distr = "0.4.3"
2 changes: 1 addition & 1 deletion crates/sui-config/Cargo.toml
@@ -17,7 +17,7 @@ serde_with = "2.0.1"
serde_yaml = "0.8.26"
rand = "0.8.5"
dirs = "4.0.0"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
once_cell = "1.14.0"
tracing = "0.1.36"

2 changes: 1 addition & 1 deletion crates/sui-core/Cargo.toml
@@ -25,7 +25,7 @@ itertools = "0.10.4"
tracing = "0.1.36"
signature = "1.6.0"
bincode = "1.3.3"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
prometheus = "0.13.2"
arc-swap = "1.5.1"
tokio-retry = "0.3"
2 changes: 1 addition & 1 deletion crates/sui-node/Cargo.toml
@@ -12,7 +12,7 @@ anemo-tower.workspace = true
axum = "0.5.16"
anyhow = { version = "1.0.64", features = ["backtrace"] }
clap = { version = "3.2.17", features = ["derive"] }
multiaddr = "0.14.0"
multiaddr = "0.15.0"
prometheus = "0.13.2"
tokio = { version = "1.20.1", features = ["full"] }
tracing = "0.1.36"
2 changes: 1 addition & 1 deletion crates/sui/Cargo.toml
@@ -54,7 +54,7 @@ move-cli.workspace = true
move-package.workspace = true

workspace-hack.workspace = true
multiaddr = "0.14.0"
multiaddr = "0.15.0"
hex = "0.4.3"

[target.'cfg(not(target_env = "msvc"))'.dependencies]
2 changes: 1 addition & 1 deletion crates/test-utils/Cargo.toml
@@ -33,7 +33,7 @@ sui-types = { path = "../sui-types" }
sui-keys = { path = "../sui-keys" }
sui-sdk = { path = "../sui-sdk" }
once_cell = "1.14.0"
multiaddr = "0.14.0"
multiaddr = "0.15.0"

mysten-network.workspace = true
move-core-types.workspace = true
29 changes: 18 additions & 11 deletions crates/workspace-hack/Cargo.toml
@@ -22,8 +22,8 @@ aes = { version = "0.8", default-features = false }
aes-gcm = { version = "0.10", features = ["aes", "alloc", "getrandom"] }
ahash = { version = "0.7", features = ["std"] }
aho-corasick = { version = "0.7", features = ["std"] }
anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909", default-features = false }
anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909", default-features = false }
anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f", default-features = false }
anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f", default-features = false }
ansi_term = { version = "0.12", default-features = false }
anyhow = { version = "1", features = ["backtrace", "std"] }
arc-swap = { version = "1", default-features = false, features = ["serde"] }
@@ -51,6 +51,7 @@ axum-core = { version = "0.2", default-features = false }
axum-server = { version = "0.4" }
backoff = { version = "0.4", features = ["futures", "futures-core", "pin-project-lite", "tokio", "tokio_1"] }
backtrace = { version = "0.3", features = ["std"] }
base-x = { version = "0.2", default-features = false }
base16ct = { version = "0.1", default-features = false }
base64 = { version = "0.13", features = ["alloc", "std"] }
base64ct = { version = "1", default-features = false, features = ["alloc"] }
@@ -76,7 +77,7 @@ block-padding-6f8ce4dd05d13bba = { package = "block-padding", version = "0.2", d
block-padding-468e82937335b1c9 = { package = "block-padding", version = "0.3", default-features = false, features = ["std"] }
bls-crypto = { git = "https://github.com/huitseeker/celo-bls-snark-rs", branch = "updates-2", features = ["compat"] }
blst = { version = "0.3" }
bs58 = { version = "0.4", features = ["alloc", "check", "sha2", "std"] }
bs58 = { version = "0.4", default-features = false, features = ["check", "sha2"] }
bstr = { version = "0.2", features = ["lazy_static", "regex-automata", "serde", "serde1", "serde1-nostd", "std", "unicode"] }
bulletproofs = { version = "4", features = ["rand", "std", "thiserror"] }
bytecode-interpreter-crypto = { git = "https://github.com/move-language/move", rev = "1ffd0a3e7bdc4bba7dafb8c814279e750113d030", features = ["fiat"] }
@@ -139,6 +140,7 @@ curve25519-dalek-fiat = { version = "0.1", default-features = false, features =
curve25519-dalek-ng = { version = "4", features = ["alloc", "serde", "std", "u64_backend"] }
dashmap = { version = "5", default-features = false }
data-encoding = { version = "2", features = ["alloc", "std"] }
data-encoding-macro = { version = "0.1", default-features = false }
datatest-stable = { version = "0.1", default-features = false }
debug-ignore = { version = "1", default-features = false }
der = { version = "0.6", default-features = false, features = ["alloc", "const-oid", "oid", "std", "zeroize"] }
@@ -329,9 +331,10 @@ move-unit-test = { git = "https://github.com/move-language/move", rev = "1ffd0a3
move-vm-runtime = { git = "https://github.com/move-language/move", rev = "1ffd0a3e7bdc4bba7dafb8c814279e750113d030", features = ["debugging", "testing"] }
move-vm-test-utils = { git = "https://github.com/move-language/move", rev = "1ffd0a3e7bdc4bba7dafb8c814279e750113d030" }
move-vm-types = { git = "https://github.com/move-language/move", rev = "1ffd0a3e7bdc4bba7dafb8c814279e750113d030" }
multiaddr = { version = "0.14", features = ["url"] }
multiaddr = { version = "0.15", features = ["url"] }
multibase = { version = "0.9", features = ["std"] }
multihash = { version = "0.16", default-features = false, features = ["alloc", "derive", "identity", "multihash-derive", "multihash-impl", "std"] }
mysten-network = { version = "0.2", default-features = false }
mysten-network = { git = "https://github.com/MystenLabs/mysten-infra.git", rev = "62dd8c9c4aa0f5ed2c243546d159d9cf2816f3d9", default-features = false }
mysten-util-mem = { git = "https://github.com/MystenLabs/mysten-infra/", rev = "d69adb7aa133b6306aea4ddfe3df5fbb5daa9cb2", features = ["estimate-heapsize", "hashbrown", "parking_lot", "smallvec", "std"] }
named-lock = { version = "0.2", default-features = false }
nested = { version = "0.1", default-features = false }
@@ -624,9 +627,9 @@ aes = { version = "0.8", default-features = false }
aes-gcm = { version = "0.10", features = ["aes", "alloc", "getrandom"] }
ahash = { version = "0.7", features = ["std"] }
aho-corasick = { version = "0.7", features = ["std"] }
anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909", default-features = false }
anemo-build = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909", default-features = false }
anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "f514987fa7f731058dd5a56e409e68600d84d909", default-features = false }
anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f", default-features = false }
anemo-build = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f", default-features = false }
anemo-tower = { git = "https://github.com/mystenlabs/anemo.git", rev = "87d60b249a9954775a95790e3bc9ca1a0df7969f", default-features = false }
ansi_term = { version = "0.12", default-features = false }
anyhow = { version = "1", features = ["backtrace", "std"] }
arc-swap = { version = "1", default-features = false, features = ["serde"] }
@@ -663,6 +666,7 @@ axum-core = { version = "0.2", default-features = false }
axum-server = { version = "0.4" }
backoff = { version = "0.4", features = ["futures", "futures-core", "pin-project-lite", "tokio", "tokio_1"] }
backtrace = { version = "0.3", features = ["std"] }
base-x = { version = "0.2", default-features = false }
base16ct = { version = "0.1", default-features = false }
base64 = { version = "0.13", features = ["alloc", "std"] }
base64ct = { version = "1", default-features = false, features = ["alloc"] }
@@ -690,7 +694,7 @@ block-padding-6f8ce4dd05d13bba = { package = "block-padding", version = "0.2", d
block-padding-468e82937335b1c9 = { package = "block-padding", version = "0.3", default-features = false, features = ["std"] }
bls-crypto = { git = "https://github.com/huitseeker/celo-bls-snark-rs", branch = "updates-2", features = ["compat"] }
blst = { version = "0.3" }
bs58 = { version = "0.4", features = ["alloc", "check", "sha2", "std"] }
bs58 = { version = "0.4", default-features = false, features = ["check", "sha2"] }
bstr = { version = "0.2", features = ["lazy_static", "regex-automata", "serde", "serde1", "serde1-nostd", "std", "unicode"] }
bulletproofs = { version = "4", features = ["rand", "std", "thiserror"] }
bumpalo = { version = "3" }
@@ -762,6 +766,8 @@ darling_core = { version = "0.14", default-features = false, features = ["strsim
darling_macro = { version = "0.14", default-features = false }
dashmap = { version = "5", default-features = false }
data-encoding = { version = "2", features = ["alloc", "std"] }
data-encoding-macro = { version = "0.1", default-features = false }
data-encoding-macro-internal = { version = "0.1", default-features = false }
datatest-stable = { version = "0.1", default-features = false }
debug-ignore = { version = "1", default-features = false }
der = { version = "0.6", default-features = false, features = ["alloc", "const-oid", "oid", "std", "zeroize"] }
@@ -972,11 +978,12 @@ move-unit-test = { git = "https://github.com/move-language/move", rev = "1ffd0a3
move-vm-runtime = { git = "https://github.com/move-language/move", rev = "1ffd0a3e7bdc4bba7dafb8c814279e750113d030", features = ["debugging", "testing"] }
move-vm-test-utils = { git = "https://github.com/move-language/move", rev = "1ffd0a3e7bdc4bba7dafb8c814279e750113d030" }
move-vm-types = { git = "https://github.com/move-language/move", rev = "1ffd0a3e7bdc4bba7dafb8c814279e750113d030" }
multiaddr = { version = "0.14", features = ["url"] }
multiaddr = { version = "0.15", features = ["url"] }
multibase = { version = "0.9", features = ["std"] }
multihash = { version = "0.16", default-features = false, features = ["alloc", "derive", "identity", "multihash-derive", "multihash-impl", "std"] }
multihash-derive = { version = "0.8", default-features = false, features = ["std"] }
multimap = { version = "0.8", default-features = false }
mysten-network = { version = "0.2", default-features = false }
mysten-network = { git = "https://github.com/MystenLabs/mysten-infra.git", rev = "62dd8c9c4aa0f5ed2c243546d159d9cf2816f3d9", default-features = false }
mysten-util-mem = { git = "https://github.com/MystenLabs/mysten-infra/", rev = "d69adb7aa133b6306aea4ddfe3df5fbb5daa9cb2", features = ["estimate-heapsize", "hashbrown", "parking_lot", "smallvec", "std"] }
mysten-util-mem-derive = { git = "https://github.com/MystenLabs/mysten-infra/", rev = "d69adb7aa133b6306aea4ddfe3df5fbb5daa9cb2", default-features = false }
name-variant = { version = "0.1", default-features = false }
2 changes: 1 addition & 1 deletion narwhal/config/Cargo.toml
@@ -8,7 +8,7 @@ publish = false

[dependencies]
match_opt = "0.1.2"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
serde = { version = "1.0.144", features = ["derive"] }
serde_with = "2.0.1"
serde_json = "1.0.85"
2 changes: 1 addition & 1 deletion narwhal/executor/Cargo.toml
@@ -14,7 +14,7 @@ config = { path = "../config", package = "narwhal-config" }
consensus = { path = "../consensus", package = "narwhal-consensus" }
fastcrypto.workspace = true
futures = "0.3.24"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
primary = { path = "../primary", package = "narwhal-primary" }
serde = { version = "1.0.144", features = ["derive"] }
thiserror = "1.0.35"
2 changes: 1 addition & 1 deletion narwhal/network/Cargo.toml
@@ -12,7 +12,7 @@ backoff = { version = "0.4.0", features = ["tokio"] }
bytes = "1.2.1"
fastcrypto.workspace = true
futures = "0.3.24"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
prometheus = "0.13.2"
rand = { version = "0.8.5", features = ["small_rng"] }
thiserror = "1.0.35"
2 changes: 1 addition & 1 deletion narwhal/node/Cargo.toml
@@ -15,7 +15,7 @@ cfg-if = "1.0.0"
clap = "2.34"
dhat = { version = "0.3.0", optional = true }
futures = "0.3.24"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
mysten-network.workspace = true
rand = "0.8.5"
store = { version = "0.4.0", package = "typed-store"}
2 changes: 1 addition & 1 deletion narwhal/primary/Cargo.toml
@@ -19,7 +19,7 @@ derive_builder = "0.11.2"
dhat = { version = "0.3.0", optional = true }
futures = "0.3.24"
itertools = "0.10.5"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
once_cell = "1.14.0"
prometheus = "0.13.2"
prost = "0.10.4"
2 changes: 1 addition & 1 deletion narwhal/test-utils/Cargo.toml
@@ -16,7 +16,7 @@ fdlimit = "0.2"
futures = "0.3.24"
indexmap = { version = "1.9.1", features = ["serde"] }
itertools = "0.10.5"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
prometheus = "0.13.2"
rand = "0.8.5"
serde = { version = "1.0.144", features = ["derive"] }
2 changes: 1 addition & 1 deletion narwhal/worker/Cargo.toml
@@ -12,7 +12,7 @@ bincode = "1.3.3"
byteorder = "1.4.3"
bytes = "1.2.1"
futures = "0.3.24"
multiaddr = "0.14.0"
multiaddr = "0.15.0"
rand = { version = "0.8.5", features = ["small_rng"] }
serde = { version = "1.0.144", features = ["derive"] }
tap = "1.0.1"