Rogue signing persistency can crash eddsa signing service - Githubissues

fireblocks / mpc-lib

GNU General Public License v3.0

147 stars 86 forks source link

Rogue signing persistency can crash eddsa signing service #17

Closed azzaouit closed 2 months ago

azzaouit commented 3 months ago

The function eddsa_online_signing_service::get_eddsa_signature dereferences a null pointer.

Line 317 sets the pointer my_s to NULL
The call to memcmp on line 344 dereferences my_s
If the assignment on line 332 never executes, my_s will be NULL and the eddsa online signing service will crash.

How to trigger

Make sure the loop condition on line 318 is false (i.e. data.signers_ids is empty)
Make sure the assignment on line 332 never executes (i.e. my_id is not a data signer)

Modified test case to show this here

nadav-fireblocks commented 2 months ago

Thank you for the report, I believe commit 6e9eb06c6555f356b362ab259eef0ffbe2e2d78a should resolve this.