Skip to content

Fix ecrecover memory clear#2662

Merged
axic merged 4 commits intodevelopfrom
fixEcrecover2
Jul 28, 2017
Merged

Fix ecrecover memory clear#2662
axic merged 4 commits intodevelopfrom
fixEcrecover2

Conversation

@chriseth
Copy link
Contributor

No description provided.

function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s, uint blockExpired, bytes32 salt)
returns (address)
{
require(hash == sha3(blockExpired, salt));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the point having blockExpired/salt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was just part of the example code that triggered the bug.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, now I see. No, we actually need it, computing sha3(blockExpired, salt) is the part that puts the correct data into the correct point in memory that was not properly zeroed out.

Copy link
Contributor

@axic axic Jul 28, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case wouldn’t an assembly piece to write random stuff at the free memory pointer would be the most definitive test? This test now depends on sha3 behaving as it is. (Also we renamed it to keccak256 internally :) )

@chriseth
Copy link
Contributor Author

Added the assembly test.

function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s, uint blockExpired, bytes32 salt)
returns (address)
{
require(hash == sha3(blockExpired, salt));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use keccak256 instead of sha3 as in the rest of the tests.

[
{
"name": "ECRecoverMalformedInput",
"summary": "The ecrecover() builtin can return garbage for malformed input.",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just marking it here: this indentation is off and below too. We'll fix later.

@axic axic merged commit 6675148 into develop Jul 28, 2017
@axic axic deleted the fixEcrecover2 branch July 28, 2017 15:19
@axic axic removed the nextrelease label Aug 4, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants