Skip to content
This repository has been archived by the owner on Jun 11, 2024. It is now read-only.

Handle transport endpoints from malicious payload #4208

Closed
ManuGowda opened this issue Sep 5, 2019 · 0 comments
Closed

Handle transport endpoints from malicious payload #4208

ManuGowda opened this issue Sep 5, 2019 · 0 comments
Assignees
@shuse2
Labels
type: bug

Comments

@ManuGowda
Copy link
Contributor

ManuGowda commented Sep 5, 2019
edited
Loading

Expected behavior

  • If the payload is invalid, handle the exception and log accordingly and do not let it crash.
  • Also, please fix the Reason: [object Object]
  • Cover all the endpoint with a integration test, with positive and negative scenarios

Actual behavior

When a user emits a malicious payload to transport endpoint, the application validates and throws an error, and the error not being handled causes the node to crash due to unhandledRejection

13:19:20.796Z DEBUG lisk-framework:
    Received post block broadcast request in unexpected format { errors:
       [ { keyword: 'type',
           dataPath: '',
           schemaPath: '#/type',
           params: [Object],
           message: 'should be object' } ],
      module: 'transport',
      query:
       '{"block":{"version":1,"reward":200000000,"payloadHash":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","timestamp":103574530,"previousBlock":"13940227048585692600","generatorPublicKey":"eaa049295d96618c51eb30deffe7fc2cc8bfc13190cb97f3b513dd060b000a46","blockSignature":"a41a2786df5b446de04f4d369481f3e126f20e87b50a6557fda3ddb5ccfc2390adfd1015284bceae653660af0dca2fa76bdfbcde97a48ea994923e89ec949400EXTRADATAHERETOCRASHTHENODE","height":9171510,"id":"8390758977495702841","relays":4,"totalAmount":0,"totalFee":0,"numberOfTransactions":0,"payloadLength":0,"transactions":[]},"nonce":"3WRejz1OirEgUb4Z"}' }
13:19:20.803Z FATAL lisk-framework:
    System error: unhandledRejection : { message: '[object Object]',
      stack:
       'Error: [object Object]\n    at Transport.postBlock (/home/lisk/lisk-main/node_modules/lisk-framework/src/modules/chain/transport/transport.js:366:10)\n    at Immediate.channel.subscribe (/home/lisk/lisk-main/node_modules/lisk-framework/src/modules/chain/chain.js:183:22)\n    at runCallback (timers.js:706:11)\n    at tryOnImmediate (timers.js:676:5)\n    at processImmediate (timers.js:658:5)\n    at process.topLevelDomainCallback (domain.js:126:23)' }
13:19:20.807Z  INFO lisk-framework: Cleaning network...
13:19:20.805Z  INFO lisk-framework: Cleaning chain...
13:19:20.805Z DEBUG lisk-framework: Cache - Clean up database
13:19:20.806Z DEBUG lisk-framework: Cache - Quit database
13:19:20.806Z  INFO lisk-framework: Cleaned up successfully
13:19:20.804Z  INFO lisk-framework: Cleanup controller...
13:19:20.804Z ERROR lisk-framework: Reason: [object Object]

Steps to reproduce

  • Create socket client and emit malformed payload to postBlock endpoint

Which version(s) does this affect? (Environment, OS, etc...)

2.3.x
@shuse2 shuse2 mentioned this issue Sep 5, 2019
Merged
5 tasks
@shuse2 shuse2 self-assigned this Sep 6, 2019
shuse2 added a commit that referenced this issue Sep 6, 2019
@shuse2
Merge pull request #4211 from LiskHQ/4208-fix_event_handling
ca5f946 
Fix event handling - Closes #4208
@shuse2 shuse2 closed this as completed Sep 6, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@shuse2 shuse2

Labels
type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shuse2 @ManuGowda