Skip to content

Bad packets are misidentified via malicious discv4 message #31154

New issue
New issue
Open
Open
Bad packets are misidentified via malicious discv4 message#31154
Labels
type:bug
@1033309821

Description

@1033309821
1033309821
opened on Feb 11, 2025

System information

Geth version: `Geth v1.13.8
OS & Version: Ubuntu 22.04

Expected behaviour

The mutated discv4 message should not be recognized and discarded.In order to facilitate the testing of the network layer protocol, we still use the old version of the geth client.

Actual behaviour

  1. We found that when sending ping packets through the fuzz testing tool, the other node will accept them as ENRRequest packets, and then the other node will reply to us with ENRResponse, triggering "Match failed: from=true, type=false, ip=true" in listen_loop.go. However, when testing findnode packets, geth will not recognize them as ENRRequest packets.
  2. If the -discv5 option of geth is turned on, bad discv4 packets will also be recognized as bad discv5 packets by geth.

Steps to reproduce the behaviour

You can use the D2PFuzz tool we developed. ./D2PFuzz bench --protocol "discv4" --target ./test/enode_geth.txt --chain ./test/ethdata --count 1 --ptype "ping". enode_geth.txt should be replaced with the node address being tested.

Backtrace

DEBUG[02-11|03:55:27.262] Current full block not old enough to freeze number=500 hash=36a166..092ef7 delay=90000
TRACE[02-11|03:55:33.520] << PING/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:33.520] >> PONG/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:33.520] >> PING/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:33.529] << PONG/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
DEBUG[02-11|03:55:33.530] Bad discv4 packet                        addr=10.130.145.81:64492  err="rlp: expected input list for v4wire.Endpoint, decoding into (v4wire.Pong).To"
DEBUG[02-11|03:55:33.530] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:33.613] >> PING/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:33.617] << PONG/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:33.617] >> ENRREQUEST/v4                         id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
DEBUG[02-11|03:55:33.629] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 0"
DEBUG[02-11|03:55:33.630] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:33.731] << ENRREQUEST/v4                         id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:33.731] >> ENRRESPONSE/v4                        id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
DEBUG[02-11|03:55:33.833] Bad discv4 packet                        addr=10.130.145.81:64492  err="rlp: input string too short for v4wire.Pubkey, decoding into (v4wire.Findnode).Target"
DEBUG[02-11|03:55:33.833] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:33.933] Bad discv4 packet                        addr=10.130.145.81:64492  err="rlp: expected input list for []v4wire.Node, decoding into (v4wire.Neighbors).Nodes"
DEBUG[02-11|03:55:33.933] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:34.034] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 7"
DEBUG[02-11|03:55:34.034] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:34.102] Discarding dial candidate                id=de6fb2edb66f6c9c ip=10.130.145.81  reason="node does not provide TCP port"
INFO [02-11|03:55:34.102] Looking for peers                        peercount=0 tried=0 static=0
TRACE[02-11|03:55:34.102] >> FINDNODE/v4                           id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
DEBUG[02-11|03:55:34.118] ENR request failed                       id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err="RPC timeout"
DEBUG[02-11|03:55:34.118] Revalidated node                         b=15 id=de6fb2edb66f6c9c checks=1
TRACE[02-11|03:55:34.134] << ENRREQUEST/v4                         id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=expired
DEBUG[02-11|03:55:34.135] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:34.236] << PING/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=expired
DEBUG[02-11|03:55:34.236] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:34.335] << PING/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:34.335] >> PONG/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
DEBUG[02-11|03:55:34.436] Bad discv4 packet                        addr=10.130.145.81:64492  err="rlp: expected input list for v4wire.Endpoint, decoding into (v4wire.Pong).To"
DEBUG[02-11|03:55:34.436] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:34.536] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 7"
DEBUG[02-11|03:55:34.536] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:34.603] FINDNODE failed                          id=de6fb2edb66f6c9c failcount=1    dropped=false err="RPC timeout"
TRACE[02-11|03:55:34.603] >> FINDNODE/v4                           id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:34.603] Discarding dial candidate                id=de6fb2edb66f6c9c ip=10.130.145.81  reason="node does not provide TCP port"
TRACE[02-11|03:55:34.636] << PING/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=expired
DEBUG[02-11|03:55:34.636] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:34.737] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 0"
DEBUG[02-11|03:55:34.737] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:34.838] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 0"
DEBUG[02-11|03:55:34.838] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:34.937] << ENRREQUEST/v4                         id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:34.937] >> ENRRESPONSE/v4                        id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:35.038] << ENRREQUEST/v4                         id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:35.038] >> ENRRESPONSE/v4                        id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:35.104] FINDNODE failed                          id=de6fb2edb66f6c9c failcount=2    dropped=false err="RPC timeout"
TRACE[02-11|03:55:35.104] Discarding dial candidate                id=de6fb2edb66f6c9c ip=10.130.145.81  reason="node does not provide TCP port"
TRACE[02-11|03:55:35.104] >> FINDNODE/v4                           id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
DEBUG[02-11|03:55:35.138] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 0"
DEBUG[02-11|03:55:35.138] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:35.238] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 0"
DEBUG[02-11|03:55:35.238] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:35.338] << ENRREQUEST/v4                         id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=expired
DEBUG[02-11|03:55:35.338] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:35.438] << ENRREQUEST/v4                         id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=expired
DEBUG[02-11|03:55:35.438] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:35.538] Bad discv4 packet                        addr=10.130.145.81:64492  err="rlp: input string too short for v4wire.Pubkey, decoding into (v4wire.Findnode).Target"
DEBUG[02-11|03:55:35.538] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
TRACE[02-11|03:55:35.604] FINDNODE failed                          id=de6fb2edb66f6c9c failcount=3    dropped=false err="RPC timeout"
TRACE[02-11|03:55:35.604] Discarding dial candidate                id=de6fb2edb66f6c9c ip=10.130.145.81  reason="node does not provide TCP port"
TRACE[02-11|03:55:35.604] >> FINDNODE/v4                           id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=<nil>
TRACE[02-11|03:55:35.639] << PING/v4                               id=de6fb2edb66f6c9c addr=10.130.145.81:64492  err=expired
DEBUG[02-11|03:55:35.639] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:35.739] Bad discv4 packet                        addr=10.130.145.81:64492  err="rlp: input string too short for v4wire.Pubkey, decoding into (v4wire.Findnode).Target"
DEBUG[02-11|03:55:35.739] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"
DEBUG[02-11|03:55:35.839] Bad discv4 packet                        addr=10.130.145.81:64492  err="unknown type: 7"
DEBUG[02-11|03:55:35.839] Bad discv5 packet                        id=0000000000000000 addr=10.130.145.81:64492  err="invalid packet header"

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    type:bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions