rpc/jsonrpc: Unmarshal RPCRequest correctly (bp #6191) (#6193)
* rpc/jsonrpc: Unmarshal RPCRequest correctly (#6191)
i.e. without double pointer. With double pointer, it was possible to
submit `null` value, which will crash the server.
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x189ddc0]
goroutine 1 [running]:
github.com/tendermint/tendermint/rpc/jsonrpc/types.(*RPCRequest).UnmarshalJSON(0xc0000147e0, 0xc00029f201, 0x4, 0x1ff, 0x883baa0, 0xc0000147e0)
/Users/anton/go/src/github.com/tendermint/tendermint/rpc/jsonrpc/types/types.go:70 +0x100
encoding/json.(*decodeState).literalStore(0xc000216bb0, 0xc00029f201, 0x4, 0x1ff, 0x1998800, 0xc0000147e0, 0x199, 0xc000231700, 0x10e0a5e, 0x197)
/usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:860 +0x30ce
encoding/json.(*decodeState).value(0xc000216bb0, 0x1998800, 0xc0000147e0, 0x199, 0x1998800, 0xc0000147e0)
/usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:384 +0x40c
encoding/json.(*decodeState).array(0xc000216bb0, 0x18df040, 0xc0001be540, 0x16, 0xc000216bd8, 0x10e405b)
/usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:558 +0x365
encoding/json.(*decodeState).value(0xc000216bb0, 0x18df040, 0xc0001be540, 0x16, 0x16, 0x6e)
/usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:360 +0x22f
encoding/json.(*decodeState).unmarshal(0xc000216bb0, 0x18df040, 0xc0001be540, 0xc000216bd8, 0x0)
/usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:180 +0x2c9
encoding/json.Unmarshal(0xc00029f200, 0x6, 0x200, 0x18df040, 0xc0001be540, 0x0, 0x0)
/usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:107 +0x15d
```
(cherry picked from commit fe4e97afe0dc5f3afd5b550777d051b7c6c6f9a0)
# Conflicts:
# CHANGELOG_PENDING.md
* fix conflict
Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com> 4 years ago |
|
- # Unreleased Changes
-
- ## v0.34.9
-
- Special thanks to external contributors on this release:
-
- Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
- ### BREAKING CHANGES
-
- - CLI/RPC/Config
-
- - Apps
-
- - P2P Protocol
-
- - Go API
- - [rpc/jsonrpc/server] \#6204 Modify `WriteRPCResponseHTTP(Error)` to return an error (@melekes)
-
- - Blockchain Protocol
-
- ### FEATURES
-
- - [rpc] \#6226 Index block events and expose a new RPC method, `/block_search`, to allow querying for blocks by `BeginBlock` and `EndBlock` events. (@alexanderbez)
-
- ### IMPROVEMENTS
-
- ### BUG FIXES
-
- - [rpc/jsonrpc/server] \#6191 Correctly unmarshal `RPCRequest` when data is `null` (@melekes)
- - [p2p] \#6289 Fix "unknown channels" bug on CustomReactors (@gchaincl)
|