Agoric / agoric-sdk

monorepo for the Agoric Javascript smart contract platform
Apache License 2.0

User sending a large string breaks their Ag Solo at the cosmos layer #4283

Open b4d2 opened 2 years ago

b4d2 commented 2 years ago

Describe the bug

It appears that there is some connective tissue between the cosmos layer and the JS layer where JSON message length is treated differently, resulting in a message that is valid at the JS layer but is not valid when parsed at the golang layer. The reproduction steps below crash the local node, but all vats continue to run normally (including http).

To Reproduce

Steps to reproduce the behavior:

  1. start chain: agoric start local-chain --reset
  2. start solo: agoric start local-solo --reset
  3. open repl: open -a "Google Chrome" $(agoric open --repl --no-browser | grep http)
  4. wait for chain to boot
  5. Issue E(home.zoe).getInstallation("A".repeat(10000000))
  6. The node will loop in a crashed state:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'... 9990044 more characters                 
    ]
] 197

2022-01-12T03:55:15.209Z chain-cosmos-sdk: Error: RPC error -32600 - Invalid Request: error reading request body: http: request body too large
Usage:
  agd tx swingset deliver [json string] [flags]
Flags:
-a, --account-number uint      The account number of the signing account (offline mode only)
-b, --broadcast-mode string    Transaction broadcasting mode (sync|async|block) (default "sync")
--dry-run                  ignore the --gas flag and perform a simulation of a transaction, but don't broadcast it
--fee-account string       Fee account pays fees for the transaction instead of deducting from the signer
--fees string              Fees to pay along with transaction; eg: 10uatom
--from string              Name or address of private key with which to sign
--gas string               gas limit to set per-transaction; set to "auto" to calculate sufficient gas automatically (default 200000)
--gas-adjustment float     adjustment factor to be multiplied against the estimate returned by the tx simulation; if the gas limit is set manually this flag is ignored  (default 1)
--gas-prices string        Gas prices in decimal format to determine the transaction fee (e.g. 0.1uatom)
--generate-only            Build an unsigned transaction and write it to STDOUT (when enabled, the local Keybase is not accessible)
-h, --help                     help for deliver         

2022-01-12T04:01:48.527Z chain-cosmos-sdk: Error sending (SyntaxError#5)
SyntaxError#5: Unexpected end of JSON input

  at JSON.parse (<anonymous>)
  at sendFromMessagePool (packages/solo/src/chain-cosmos-sdk.js:692:28)
  at async recurseEachSend (packages/solo/src/chain-cosmos-sdk.js:788:5)

Expected behavior

All valid JS that works normally within the XS/repl layer should also be equally valid when traveling through the cosmos layer.

Platform Environment

ref #4264
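The report shows two separate failures on the solo-to-chain path: the cosmos RPC endpoint rejects an oversized body ("request body too large"), and the solo side then calls JSON.parse on a reply that is not JSON, so the send loop dies with "Unexpected end of JSON input". The following is an added example, not agoric-sdk code, of how a delivery path can bound the payload before sending and treat a non-JSON or error reply as a structured result instead of an exception. The size cap, the function names and the transport interface are assumptions made for the example.

```javascript
// Added example (not agoric-sdk code): guard a solo -> chain delivery path
// against oversized payloads and non-JSON RPC replies.
//
// Assumptions: the 1 MiB cap is illustrative, not a real agd limit; the
// `transport` callback stands in for whatever actually posts the body and
// returns the reply text.

const MAX_DELIVERY_BYTES = 1024 * 1024; // assumed cap, tune to the real server limit

// Serialize a batch of messages and refuse it locally if it could never be
// accepted by the RPC layer. Byte length is measured after JSON encoding,
// since that is what goes over the wire.
function encodeDelivery(messages) {
  const body = JSON.stringify(messages);
  const bytes = Buffer.byteLength(body, 'utf8');
  if (bytes > MAX_DELIVERY_BYTES) {
    return { ok: false, reason: 'too-large', bytes, limit: MAX_DELIVERY_BYTES };
  }
  return { ok: true, body, bytes };
}

// Parse the reply text from the RPC layer. An empty string, an HTTP error
// page or a CLI usage dump is reported as a structured error rather than
// letting SyntaxError escape into the send loop.
function parseRpcReply(text) {
  if (typeof text !== 'string' || text.trim() === '') {
    return { ok: false, reason: 'empty-reply' };
  }
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (err) {
    // Keep a bounded excerpt for logging; never re-throw here.
    return { ok: false, reason: 'not-json', detail: text.slice(0, 200) };
  }
  if (parsed && parsed.error) {
    return {
      ok: false,
      reason: 'rpc-error',
      code: parsed.error.code,
      message: parsed.error.message,
    };
  }
  return { ok: true, result: parsed.result };
}

// One send attempt: size-check, transport, parse. Always returns a status
// object the caller can log, retry or drop, and never throws on a bad reply.
function deliverOnce(messages, transport) {
  const enc = encodeDelivery(messages);
  if (!enc.ok) return enc;
  const replyText = transport(enc.body);
  return parseRpcReply(replyText);
}

// Constructed demonstration input mirroring the report: one message carrying
// a string far above the cap, sent through a transport that echoes the kind
// of reply the solo actually received.
function demo() {
  const oversized = [{ method: 'getInstallation', args: ['A'.repeat(MAX_DELIVERY_BYTES + 1)] }];
  const small = [{ method: 'getInstallation', args: ['A'] }];
  const usageReply = 'Usage:\n  agd tx swingset deliver [json string] [flags]';
  return {
    oversized: deliverOnce(oversized, () => usageReply).reason, // 'too-large'
    nonJson: deliverOnce(small, () => usageReply).reason,       // 'not-json'
  };
}
```

The important property is that every failure path returns a value: the caller decides whether to retry, shrink the batch or surface the error, and a single bad message can no longer take the whole send loop down.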

Tartuffo commented 2 years ago

@JimLarson @michaelfig This does not have an area label that is covered by our weekly tech / planning meetings, so it will likely fall through the cracks for planning for MN-1. Can you please assign the proper label? We cover: agd, agoric-cosmos, amm, core economy, cosmic-swingset, endo, getrun, governance, installation-bundling, metering, run-protocol, staking, swingset, swingset-runner, token economy, ui, wallet, zoe, zoe contract

b4d2 commented 2 years ago

To note: while at first this appears to be a self-footgun, one could patch the issue on their ag-solo node and send a packet to the chain where this issue exists, which would result in the same JSON parse crash behavior, but on all of the validators.

Tartuffo commented 2 years ago

It is probably more important for us to harden our exposed endpoints, e.g. https://github.com/Agoric/agoric-sdk/issues/4068 and https://github.com/Agoric/agoric-sdk/issues/3878.

michaelfig commented 2 years ago

the same json parse crash behavior but on all of the validators

I don't want to make it sound like we're not trying to address this vulnerability in the chain: we definitely are! The only reason we aren't prioritising this particular issue, as @Tartuffo mentioned, is because it is specifically about the solo node, so we can legitimately fix the chain issue without needing to work on the solo issue.