[ctr/lua] prevent referencing state at global scope and leak patch

aergoio · Apr 18, 2019 · e570801 · e570801
1 parent cfccea3
commit e570801
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 1 deletion.
diff --git a/contract/vm.c b/contract/vm.c
@@ -54,6 +54,8 @@ const int *getLuaExecContext(lua_State *L)
 	lua_getglobal(L, luaExecContext);
 	service = (int *)lua_touserdata(L, -1);
 	lua_pop(L, 1);
+	if (*service == -1)
+	    luaL_error(L, "not permitted state referencing at global scope");
 
 	return service;
 }

diff --git a/contract/vm.go b/contract/vm.go
@@ -208,6 +208,8 @@ func newExecutor(contract []byte, contractId []byte, stateSet *StateSet, ci *typ
 		ctrLog.Error().Err(ce.err).Str("contract", types.EncodeAddress(contractId)).Msg("new AergoLua executor")
 		return ce
 	}
+	bakupService := stateSet.service
+	stateSet.service = -1
 	hexId := C.CString(hex.EncodeToString(contractId))
 	defer C.free(unsafe.Pointer(hexId))
 	if cErrMsg := C.vm_loadbuff(
@@ -222,6 +224,7 @@ func newExecutor(contract []byte, contractId []byte, stateSet *StateSet, ci *typ
 		ctrLog.Error().Err(ce.err).Str("contract", types.EncodeAddress(contractId)).Msg("failed to load code")
 		return ce
 	}
+	stateSet.service = bakupService
 
 	if isCreate == false {
 		C.vm_remove_constructor(ce.L)
@@ -254,6 +257,7 @@ func newExecutor(contract []byte, contractId []byte, stateSet *StateSet, ci *typ
 		}
 		C.vm_get_constructor(ce.L)
 		if C.vm_isnil(ce.L, C.int(-1)) == 1 {
+			ce.close()
 			return nil
 		}
 		ce.numArgs = C.int(len(ci.Args))
@@ -628,7 +632,7 @@ func PreloadEx(bs *state.BlockState, contractState *state.ContractState, contrac
 	}
 	if contractCode == nil {
 		contractCode = getContract(contractState, nil)
-		if contractCode != nil {
+		if contractCode != nil && bs != nil {
 			bs.CodeMap[contractAid] = contractCode
 		}
 	}
@@ -878,6 +882,10 @@ func (re *recoveryEntry) recovery() error {
 	if re.senderState != nil {
 		re.senderState.Nonce = re.senderNonce
 	}
+
+	if callState == nil {
+		return nil
+	}
 	if re.stateRevision != -1 {
 		err := callState.ctrState.Rollback(re.stateRevision)
 		if err != nil {

diff --git a/contract/vm_test.go b/contract/vm_test.go
@@ -3824,5 +3824,72 @@ abi.register(oom)`
 		t.Error(err)
 	}
 }
+func TestDeploy2(t *testing.T) {
+	deploy := `
+function hello()
+	src = [[
+state.var{
+  counts = state.array(10)
+}
+
+counts[1] = 10
+function inc(key)
+  if counts[key] == nil then
+    counts[key] = 0
+  end
+  counts[key] = counts[key] + 1
+end
+
+function get(key)
+  return counts[key]
+end
+
+function set(key,val)
+  counts[key] = val
+end
+
+function len()
+  return counts:length()
+end
+
+function iter()
+  local rv = {}
+  for i, v in counts:ipairs() do
+    if v == nil then
+      rv[i] = "nil"
+    else
+      rv[i] = v
+    end
+  end
+  return rv
+end
+
+abi.register(inc,get,set,len,iter)
+	]]
+	paddr = contract.deploy(src)
+	system.print("addr :", paddr)
+	ret = contract.call(paddr, "hello", "world", "key")
+end
+
+function constructor()
+end
+
+abi.register(hello)
+abi.payable(constructor)
+`
+	bc, _ := LoadDummyChain()
+	err := bc.ConnectBlock(
+		NewLuaTxAccount("ktlee", 1000000000000),
+		NewLuaTxDef("ktlee", "deploy", 50000000000, deploy),
+	)
+	if err != nil {
+		t.Error(err)
+	}
+	tx := NewLuaTxCall("ktlee", "deploy", 0, `{"Name":"hello"}`).Fail(`[Contract.LuaDeployContract]newExecutor Error :not permitted state referencing at global scope`)
+	err = bc.ConnectBlock(tx)
+	if err != nil {
+		t.Error(err)
+	}
+}
 
 // end of test-cases