Merge pull request #1623 from filecoin-project/asr/validate

caller must be validated exactly once
2020-04-28 09:06:28 -07:00 · 2020-04-28 09:06:28 -07:00 · 3ec736bc04
commit 3ec736bc04
parent e65d293ba4 5900d765fd
3 changed files with 19 additions and 1 deletions
--- a/chain/stmgr/forks_test.go
+++ b/chain/stmgr/forks_test.go
@ -74,7 +74,7 @@ func (ta *testActor) Exports() []interface{} {
 }

 func (ta *testActor) Constructor(rt runtime.Runtime, params *adt.EmptyValue) *adt.EmptyValue {
-
+	rt.ValidateImmediateCallerAcceptAny()
 	rt.State().Create(&testActorState{11})
 	fmt.Println("NEW ACTOR ADDRESS IS: ", rt.Message().Receiver())

@ -82,6 +82,7 @@ func (ta *testActor) Constructor(rt runtime.Runtime, params *adt.EmptyValue) *ad
 }

 func (ta *testActor) TestMethod(rt runtime.Runtime, params *adt.EmptyValue) *adt.EmptyValue {
+	rt.ValidateImmediateCallerAcceptAny()
 	var st testActorState
 	rt.State().Readonly(&st)

--- a/chain/vm/runtime.go
+++ b/chain/vm/runtime.go
@ -53,6 +53,7 @@ type Runtime struct {
 	internalExecutions []*types.ExecutionResult
 	numActorsCreated   uint64
 	allowInternal      bool
+	callerValidated    bool
 }

 func (rt *Runtime) TotalFilCircSupply() abi.TokenAmount {
@ -141,6 +142,11 @@ func (rs *Runtime) shimCall(f func() interface{}) (rval []byte, aerr aerrors.Act
 	}()

 	ret := f()
+
+	if !rs.callerValidated {
+		rs.Abortf(exitcode.SysErrorIllegalActor, "Caller MUST be validated during method execution")
+	}
+
 	switch ret := ret.(type) {
 	case []byte:
 		return ret, nil
@ -164,6 +170,7 @@ func (rs *Runtime) Message() vmr.Message {
 }

 func (rs *Runtime) ValidateImmediateCallerAcceptAny() {
+	rs.abortIfAlreadyValidated()
 	return
 }

@ -267,6 +274,7 @@ func (rs *Runtime) StartSpan(name string) vmr.TraceSpan {
 }

 func (rt *Runtime) ValidateImmediateCallerIs(as ...address.Address) {
+	rt.abortIfAlreadyValidated()
 	imm := rt.Message().Caller()

 	for _, a := range as {
@ -291,6 +299,7 @@ func (rs *Runtime) AbortStateMsg(msg string) {
 }

 func (rt *Runtime) ValidateImmediateCallerType(ts ...cid.Cid) {
+	rt.abortIfAlreadyValidated()
 	callerCid, ok := rt.GetActorCodeCID(rt.Message().Caller())
 	if !ok {
 		panic(aerrors.Fatalf("failed to lookup code cid for caller"))
@ -494,3 +503,10 @@ func (rt *Runtime) Pricelist() Pricelist {
 func (rt *Runtime) incrementNumActorsCreated() {
 	rt.numActorsCreated++
 }
+
+func (rt *Runtime) abortIfAlreadyValidated() {
+	if rt.callerValidated {
+		rt.Abortf(exitcode.SysErrorIllegalActor, "Method must validate caller identity exactly once")
+	}
+	rt.callerValidated = true
+}
--- a/chain/vm/vm.go
+++ b/chain/vm/vm.go
@ -101,6 +101,7 @@ func (vm *VM) makeRuntime(ctx context.Context, msg *types.Message, origin addres
 		numActorsCreated: nac,
 		pricelist:        PricelistByEpoch(vm.blockHeight),
 		allowInternal:    true,
+		callerValidated:  false,
 	}

 	rt.cst = &cbor.BasicIpldStore{