You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

31 lines
754 B

rpc/jsonrpc: Unmarshal RPCRequest correctly (bp #6191) (#6193) * rpc/jsonrpc: Unmarshal RPCRequest correctly (#6191) i.e. without double pointer. With double pointer, it was possible to submit `null` value, which will crash the server. ``` panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x189ddc0] goroutine 1 [running]: github.com/tendermint/tendermint/rpc/jsonrpc/types.(*RPCRequest).UnmarshalJSON(0xc0000147e0, 0xc00029f201, 0x4, 0x1ff, 0x883baa0, 0xc0000147e0) /Users/anton/go/src/github.com/tendermint/tendermint/rpc/jsonrpc/types/types.go:70 +0x100 encoding/json.(*decodeState).literalStore(0xc000216bb0, 0xc00029f201, 0x4, 0x1ff, 0x1998800, 0xc0000147e0, 0x199, 0xc000231700, 0x10e0a5e, 0x197) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:860 +0x30ce encoding/json.(*decodeState).value(0xc000216bb0, 0x1998800, 0xc0000147e0, 0x199, 0x1998800, 0xc0000147e0) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:384 +0x40c encoding/json.(*decodeState).array(0xc000216bb0, 0x18df040, 0xc0001be540, 0x16, 0xc000216bd8, 0x10e405b) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:558 +0x365 encoding/json.(*decodeState).value(0xc000216bb0, 0x18df040, 0xc0001be540, 0x16, 0x16, 0x6e) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:360 +0x22f encoding/json.(*decodeState).unmarshal(0xc000216bb0, 0x18df040, 0xc0001be540, 0xc000216bd8, 0x0) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:180 +0x2c9 encoding/json.Unmarshal(0xc00029f200, 0x6, 0x200, 0x18df040, 0xc0001be540, 0x0, 0x0) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:107 +0x15d ``` (cherry picked from commit fe4e97afe0dc5f3afd5b550777d051b7c6c6f9a0) # Conflicts: # CHANGELOG_PENDING.md * fix conflict Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
  1. # Unreleased Changes
  2. ## v0.34.9
  3. Special thanks to external contributors on this release:
  4. Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
  5. ### BREAKING CHANGES
  6. - CLI/RPC/Config
  7. - Apps
  8. - P2P Protocol
  9. - Go API
  10. - [rpc/jsonrpc/server] \#6204 Modify `WriteRPCResponseHTTP(Error)` to return an error (@melekes)
  11. - Blockchain Protocol
  12. ### FEATURES
  13. - [rpc] \#6226 Index block events and expose a new RPC method, `/block_search`, to allow querying for blocks by `BeginBlock` and `EndBlock` events. (@alexanderbez)
  14. ### IMPROVEMENTS
  15. ### BUG FIXES
  16. - [rpc/jsonrpc/server] \#6191 Correctly unmarshal `RPCRequest` when data is `null` (@melekes)
  17. - [p2p] \#6289 Fix "unknown channels" bug on CustomReactors (@gchaincl)