-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: sanitize groth16 verification key reading #1307
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ivokub
added
bug
Something isn't working
fuzzing
Issue found using a fuzzing tool
labels
Oct 30, 2024
@gbotrel - it is done now :) I didn't anticipate making that much bugs :/ |
gbotrel
approved these changes
Oct 31, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, suggestion for perf to avoid many re-allocations in some cases
internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
See the related security advisory GHSA-cph5-3pgr-c82g (will publish once PR has been reviewed and tested) for full description and POC.
The main issue is that serialized Groth16 verification key includes in a header number of expected Pedersen verification keys which is used for initializing a slice. When modifying the serialized file, we may allocate huge slice, leading to OOM.
In this PR instead of allocating the slice beforehand, we instead try to read all the existing commitment keys in the file and then compare that the number of read commitment keys corresponds to the expected. This prevents using heuristics on the number of commitment keys and bounds the size of the in-memory full verification key to the serialized file size.
Type of change
How has this been tested?
Tested against the POC in the advisory. Does not OOM anymore.
Checklist:
golangci-lint
does not output errors locally