Skip to content

wallet: Add size check on meta.key_origin.path #23277

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

wallet: Add size check on meta.key_origin.path #23277

wants to merge 2 commits into from

Conversation

rooprob
Copy link
Contributor

@rooprob rooprob commented Oct 14, 2021
edited
Loading

Resolves #21605 segfault on legacy wallet

I also encountered same [*] when resyncing a 2017 era blockchain.

laanwj
laanwj reviewed Oct 14, 2021
View reviewed changes
src/wallet/scriptpubkeyman.cpp Outdated
@@ -374,7 +374,7 @@ void LegacyScriptPubKeyMan::MarkUnusedAddresses(const CScript& script)
auto it = mapKeyMetadata.find(keyid);
if (it != mapKeyMetadata.end()){
CKeyMetadata meta = it->second;
if (!meta.hd_seed_id.IsNull() && meta.hd_seed_id != m_hd_chain.seed_id) {
if (!meta.hd_seed_id.IsNull() && meta.hd_seed_id != m_hd_chain.seed_id && meta.key_origin.path.size() > 0) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't meta.key_origin.path.size() >= 3 be better if the worry is to go out of range here? Might also log a warning when this happens as it means (I guess?) that the wallet is somehow corrupted.

@laanwj
Copy link
Member

laanwj commented Oct 14, 2021

Concept ACK, I agree this shouldn't cause a crash.

@rooprob
Add size check on meta.key_origin.path
d58118f 
Resolves segfault on legacy wallet

Log warning when meta.key_origin.path is below expected size
@rooprob rooprob force-pushed the bugfix/21605-segfault-in-legacyscriptpubkeyman branch from e3ac2c0 to d58118f Compare October 14, 2021 22:42
@fanquake fanquake requested a review from achow101 October 15, 2021 01:48
@achow101
Copy link
Member

achow101 commented Oct 15, 2021
edited
Loading

The root cause of the problem this is fixing is that the wallet does not contain the upgraded key metadata because it is encrypted and has not been unlocked yet, and a transaction was found that involved inactive HD chains. So this segfault can be triggered with a non-corrupted wallet. I don't think it is necessarily correct to log an error and move on as doing so could result in missing funds.

To avoid the crash, I think access to meta.key_origin.path should be guarded by both the length check and meta.has_key_origin. Then if has_key_origin == false, meta.hdKeypath can be used to figure out what to derive. This would avoid the segfault while not losing any functionality.

@rooprob
Copy link
Contributor Author

rooprob commented Oct 15, 2021
edited
Loading

when I encountered this, this was the state of meta,

(gdb)
p meta
$1 = {static VERSION_BASIC = 1, static VERSION_WITH_HDDATA = 10, static VERSION_WITH_KEY_ORIGIN = 12, 
  static CURRENT_VERSION = 12, nVersion = 10, nCreateTime = 1509688921, hdKeypath = "m/0'/0'/0'", 
  hd_seed_id = {<uint160> = {<base_blob<160>> = {static WIDTH = 20, 
        m_data = "4\264Y\351....", <incomplete sequence \313>}, <No data fields>}, <No data fields>}, key_origin = {fingerprint = "\000\000\000", path = std::vector of length 0, capacity 0}, has_key_origin = false}
(gdb)

@maflcko maflcko changed the title Add size check on meta.key_origin.path wallet: Add size check on meta.key_origin.path Oct 15, 2021
@achow101
Copy link
Member

when I encountered this, this was the state of meta,

This matches what I expect. The meta is not upgraded (nVersion is 10, not 12, and has_key_origin is false).

@achow101
Copy link
Member

Please squash your commits.

I will implement the derivation from the keypath string in a followup PR as that is a bit more complicated to deal with.

@achow101 achow101 mentioned this pull request Oct 18, 2021
Merged
@DrahtBot
Copy link
Contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #23304 (wallet: Derive inactive HD chains in addtional places by achow101)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@maflcko
Copy link
Member

maflcko commented Oct 19, 2021

Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

@achow101
Copy link
Member

achow101 commented Nov 2, 2021

@rooprob Are you planning on continuing to work on this PR? If not, I can take it over in #23304

@rooprob
Copy link
Contributor Author

rooprob commented Nov 3, 2021

@rooprob Are you planning on continuing to work on this PR? If not, I can take it over in #23304

I think it's better to follow up in your PR. I shall withdraw this PR.

Thanks for picking this up in #23304

@rooprob rooprob closed this Nov 3, 2021
@bitcoin bitcoin locked and limited conversation to collaborators Nov 3, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@laanwj laanwj laanwj left review comments

@achow101 achow101 Awaiting requested review from achow101

Assignees
No one assigned
Labels
Wallet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

wallet: Segmentation fault during sync
6 participants
@rooprob @laanwj @achow101 @DrahtBot @maflcko @fanquake