ChainSafe/discv5

[Crash/Fuzzing] "TypeError: public key must be a Buffer" when parsing ENR string

pventuzelo opened this issue · 1 comments

Describe the bug

During fuzzing with beaconfuzz, I found this TypeError crash. I suppose that the bcrypto library throws this because the enr library provides invalid data.

Expected behavior

ENR should detect this and throw an Error.

Steps to Reproduce

crash_TypeError_tostring_undef_enr_lodestar.js:

// Load the discv5 package under test
var discv5 = require("@chainsafe/discv5");

// Fuzzer-generated ENR text (the "secp256k1" key name is corrupted)
const buf = "enr:-IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk".toString();

// Crashes inside bcrypto instead of throwing a descriptive Error
discv5.ENR.decodeTxt(buf);

Run:

$ npm i @chainsafe/discv5

$ node crash_TypeError_pub_key_buffer_enr_lodestar.js
/home/scop/node_modules/bcrypto/lib/native/secp256k1.js:544
      throw e;
      ^

TypeError: public key must be a Buffer
    at Object.verify (/home/scop/node_modules/bcrypto/lib/native/secp256k1.js:541:20)
    at Object.verify (/home/scop/node_modules/@chainsafe/discv5/lib/enr/v4.js:23:22)
    at Map.verify (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:189:27)
    at Function.decodeFromValues (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:55:18)
    at Function.decode (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:62:20)
    at Function.decodeTxt (/home/scop/node_modules/@chainsafe/discv5/lib/enr/enr.js:68:20)
    at Object.<anonymous> (/XXX/crash_TypeError_pub_key_buffer_enr_lodestar.js:13:12)
    at Module._compile (internal/modules/cjs/loader.js:936:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:947:10)
    at Module.load (internal/modules/cjs/loader.js:790:32)

Additional info:

$ zcli net enr IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk 
input: IS4QJ2d11eu6dC7E7LoXeLMgMP3kom1u3SE8esFSWvaHoo0dP1jg8O3-nx9ht-EO3CmG7L6OkHcMmoIh00IYWB92QABgmlkgnY0gmlwhH8AAAGJc2d11eu6dCsxoQIB_c-jQMOXsbjWkbN-kj99H57gfId5pfb4wa1qxwV4CIN1ZHCCIyk
invalid ENR RLP encoding
rlp: expected List

After the fix, it should throw the Error "Failed to verify enr: No public key".
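The behaviour the report asks for, as an added example that is not code from the discv5 project: decode the base64url/RLP record, check that the list shape is right and that a 33-byte `secp256k1` value is present, and throw a descriptive Error before any signature-verification call can receive `undefined`. The minimal RLP codec, `encodeEnrTxt`, `decodeEnrTxt` and the sample records are all constructed for this example; the real v4 signature check (the bcrypto step in the trace) would run after these checks and is not performed here.

```javascript
// Minimal RLP encoder for Buffers, strings and nested arrays (example code).
function encodeLength(len, offset) {
  if (len < 56) return Buffer.from([offset + len]);
  let hex = len.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const lenBytes = Buffer.from(hex, 'hex');
  return Buffer.concat([Buffer.from([offset + 55 + lenBytes.length]), lenBytes]);
}

function rlpEncode(item) {
  if (Array.isArray(item)) {
    const body = Buffer.concat(item.map(rlpEncode));
    return Buffer.concat([encodeLength(body.length, 0xc0), body]);
  }
  const buf = Buffer.isBuffer(item) ? item : Buffer.from(item, 'utf8');
  if (buf.length === 1 && buf[0] < 0x80) return buf;
  return Buffer.concat([encodeLength(buf.length, 0x80), buf]);
}

// Minimal RLP decoder; every length is bounds-checked against the input.
function decodeItem(buf, pos) {
  if (pos >= buf.length) throw new Error('rlp: unexpected end of input');
  const prefix = buf[pos];
  if (prefix < 0x80) return [buf.subarray(pos, pos + 1), 1];
  const isList = prefix >= 0xc0;
  const base = isList ? 0xc0 : 0x80;
  let len, headerLen;
  if (prefix < base + 56) {
    len = prefix - base;
    headerLen = 1;
  } else {
    const lenLen = prefix - base - 55;
    if (pos + 1 + lenLen > buf.length) throw new Error('rlp: truncated length');
    len = parseInt(buf.subarray(pos + 1, pos + 1 + lenLen).toString('hex'), 16);
    headerLen = 1 + lenLen;
  }
  const start = pos + headerLen;
  const end = start + len;
  if (end > buf.length) throw new Error('rlp: length exceeds input');
  if (!isList) return [buf.subarray(start, end), headerLen + len];
  const items = [];
  let cur = start;
  while (cur < end) {
    const [item, used] = decodeItem(buf, cur);
    items.push(item);
    cur += used;
  }
  return [items, headerLen + len];
}

function rlpDecode(buf) {
  const [value, used] = decodeItem(buf, 0);
  if (used !== buf.length) throw new Error('rlp: trailing bytes');
  return value;
}

// Build "enr:<base64url(rlp)>" text; used only to construct sample records.
function encodeEnrTxt(values) {
  const b64 = rlpEncode(values).toString('base64');
  return 'enr:' + b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Defensive decode: validate shape and public key before any verify() call.
function decodeEnrTxt(txt) {
  if (!txt.startsWith('enr:')) throw new Error('string encoded ENR must start with "enr:"');
  const b64 = txt.slice(4).replace(/-/g, '+').replace(/_/g, '/');
  const values = rlpDecode(Buffer.from(b64, 'base64'));
  if (!Array.isArray(values)) throw new Error('invalid ENR RLP encoding: expected list');
  if (values.length < 2 || values.length % 2 !== 0) {
    throw new Error('invalid ENR: expected signature, seq and key/value pairs');
  }
  const [signature, seqBuf, ...kvs] = values;
  if (!Buffer.isBuffer(signature) || !Buffer.isBuffer(seqBuf)) {
    throw new Error('invalid ENR: signature and seq must be byte strings');
  }
  const pairs = new Map();
  for (let i = 0; i < kvs.length; i += 2) {
    if (!Buffer.isBuffer(kvs[i])) throw new Error('invalid ENR: key must be a byte string');
    pairs.set(kvs[i].toString('utf8'), kvs[i + 1]);
  }
  const id = pairs.get('id');
  if (!id || id.toString('utf8') !== 'v4') throw new Error('Failed to verify enr: unsupported identity scheme');
  const pub = pairs.get('secp256k1');
  // This is the check the fuzz case bypassed: a missing/renamed key yields
  // undefined, which must never reach the secp256k1 verify routine.
  if (!Buffer.isBuffer(pub) || pub.length !== 33) throw new Error('Failed to verify enr: No public key');
  const seq = seqBuf.length ? parseInt(seqBuf.toString('hex'), 16) : 0;
  return { signature, seq, pairs };
}

// Constructed sample records (fake signature and key; no real node).
const FAKE_SIG = Buffer.alloc(64, 1);
const FAKE_PUB = Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32, 7)]);
const GOOD_ENR = encodeEnrTxt([FAKE_SIG, Buffer.from([0x01]), 'id', 'v4',
  'ip', Buffer.from([127, 0, 0, 1]), 'secp256k1', FAKE_PUB, 'udp', Buffer.from([0x23, 0x29])]);
// Mimics the fuzz case: the key name is corrupted, so no public key is found.
const NO_KEY_ENR = encodeEnrTxt([FAKE_SIG, Buffer.from([0x01]), 'id', 'v4',
  'ip', Buffer.from([127, 0, 0, 1]), 'secp256kX', FAKE_PUB]);

module.exports = { rlpEncode, rlpDecode, encodeEnrTxt, decodeEnrTxt, GOOD_ENR, NO_KEY_ENR };
```

With this ordering of checks, malformed fuzz inputs surface as an ordinary Error from the ENR layer (the kind a fuzz harness or caller can catch and classify) instead of a TypeError thrown from inside the native crypto binding.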