Closed asn-d6 closed 10 years ago
Thanks! The problem isn't the Unmarshal call in revocation(), rather the lack of checking of account.Group(). I've also added a check in newAccount to ensure that bad groups don't enter the system in the first place.
Hello,
I might be wrong but I think that two code issues can be combined to crash the pond server.
a) In `server.go:newAccount()` we write `req.Group` to that file, without checking that it's a proper group key (like the `Group()` method does). This is not bad on its own, but it would be more defensive if the key is checked upon insertion to the file.

b) In `server.go:revocation()` we do:

```go
group := account.Group()
groupCopy, _ := new(bbssig.Group).Unmarshal(group.Marshal())
groupCopy.Update(revocation)
```

without checking the retval of `Group()` or `Unmarshal()`. I believe that if a new account is created with a corrupted key, and then a revocation is executed for that account, the `Group()` operation will fail and cause a nil dereference or something in the Unmarshal. If that doesn't do it, then the Unmarshal will fail and cause the same in the `Update()`. In any case, servers might crash. Maybe.
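The two checks discussed in this thread (validate the group on insertion, and check the result before using it in revocation), as an added example that is not pond's code. `Group`, `store`, the method names and the 32-byte length are hypothetical stand-ins for `bbssig.Group` and the server's account storage.

```go
package main

import "fmt"

// Group is a hypothetical stand-in for bbssig.Group; the 32-byte length is assumed.
type Group struct{ epoch int }

// Unmarshal mirrors the (value, ok) call shape in the report: nil, false on bad input.
func (g *Group) Unmarshal(b []byte) (*Group, bool) {
	if len(b) != 32 {
		return nil, false
	}
	return g, true
}

func (g *Group) Update() { g.epoch++ } // dereferences g, so a nil g panics

var errBadGroup = fmt.Errorf("invalid group key")
type store map[string][]byte // hypothetical account store: id -> group bytes

// NewAccount rejects malformed group bytes before they are persisted.
func (s store) NewAccount(id string, group []byte) error {
	if _, ok := new(Group).Unmarshal(group); !ok {
		return errBadGroup
	}
	s[id] = group
	return nil
}

// Revoke re-checks on load, so a bad record already stored yields an error.
func (s store) Revoke(id string) (int, error) {
	if g, ok := new(Group).Unmarshal(s[id]); ok {
		g.Update()
		return g.epoch, nil
	}
	return 0, errBadGroup
}

// RevokeUnchecked discards ok as in the report; a nil group panics in Update.
func (s store) RevokeUnchecked(id string) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	g, _ := new(Group).Unmarshal(s[id])
	g.Update()
	return false
}

func main() {
	s := store{"legacy": {1, 2, 3}} // constructed malformed record
	fmt.Println(s.NewAccount("x", nil), s.RevokeUnchecked("legacy"))
}
```

The check in `Revoke` still matters after `NewAccount` validates input, because records written before the insertion check existed can remain in storage.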