From dd09c2bac7e720c2810d77beac1406dc41463512 Mon Sep 17 00:00:00 2001 From: Ben Arena Date: Mon, 2 Oct 2023 22:46:36 -0700 Subject: [PATCH 1/2] enforce the signature list size to prevent index out of bounds --- .../kotlin/io/provenance/client/grpc/AbstractPbClient.kt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt b/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt index fcf7c59..e4b81aa 100644 --- a/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt +++ b/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt @@ -121,11 +121,15 @@ open class AbstractPbClient>( gasEstimate: GasEstimate, mode: ServiceOuterClass.BroadcastMode = ServiceOuterClass.BroadcastMode.BROADCAST_MODE_SYNC, txHashHandler: PreBroadcastTxHashHandler? = null, - signatures: List = emptyList(), + signatures: List = List(baseReq.signers.size) { null }, ): ServiceOuterClass.BroadcastTxResponse { val authInfoBytes = baseReq.buildAuthInfo(gasEstimate).toByteString() val txBodyBytes = baseReq.body.toByteString() + require(signatures.size == baseReq.signers.size) { + "The number of signatures must match the number of signers" + } + val txRaw = baseReq.signers.mapIndexed { index, baseReqSigner -> signatures[index]?.takeIf { it.isNotEmpty() } ?: baseReqSigner.signer.sign( @@ -169,7 +173,7 @@ open class AbstractPbClient>( feeGranter: String? = null, feePayer: String? = null, txHashHandler: PreBroadcastTxHashHandler? = null, - signatures: List = emptyList(), + signatures: List = List(signers.size) { null }, ): ServiceOuterClass.BroadcastTxResponse = baseRequest( txBody = txBody, From 59c4f71a50736a153ca055e07d017d366cab8f42 Mon Sep 17 00:00:00 2001 From: Ben Arena Date: Mon, 2 Oct 2023 22:46:36 -0700 Subject: [PATCH 2/2] enforce the signature list size to prevent index out of bounds --- .../main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt b/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt index e4b81aa..01bbc46 100644 --- a/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt +++ b/client/src/main/kotlin/io/provenance/client/grpc/AbstractPbClient.kt @@ -127,7 +127,7 @@ open class AbstractPbClient>( val txBodyBytes = baseReq.body.toByteString() require(signatures.size == baseReq.signers.size) { - "The number of signatures must match the number of signers" + "The number of signatures must match the number of signers. A null/empty signature entry will sign using the Signer implementation." } val txRaw = baseReq.signers.mapIndexed { index, baseReqSigner ->