rpc/jsonrpc: Unmarshal RPCRequest correctly (#6191)

i.e. without double pointer. With double pointer, it was possible to submit `null` value, which will crash the server. ``` panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x189ddc0] goroutine 1 [running]: github.com/tendermint/tendermint/rpc/jsonrpc/types.(*RPCRequest).UnmarshalJSON(0xc0000147e0, 0xc00029f201, 0x4, 0x1ff, 0x883baa0, 0xc0000147e0) /Users/anton/go/src/github.com/tendermint/tendermint/rpc/jsonrpc/types/types.go:70 +0x100 encoding/json.(*decodeState).literalStore(0xc000216bb0, 0xc00029f201, 0x4, 0x1ff, 0x1998800, 0xc0000147e0, 0x199, 0xc000231700, 0x10e0a5e, 0x197) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:860 +0x30ce encoding/json.(*decodeState).value(0xc000216bb0, 0x1998800, 0xc0000147e0, 0x199, 0x1998800, 0xc0000147e0) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:384 +0x40c encoding/json.(*decodeState).array(0xc000216bb0, 0x18df040, 0xc0001be540, 0x16, 0xc000216bd8, 0x10e405b) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:558 +0x365 encoding/json.(*decodeState).value(0xc000216bb0, 0x18df040, 0xc0001be540, 0x16, 0x16, 0x6e) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:360 +0x22f encoding/json.(*decodeState).unmarshal(0xc000216bb0, 0x18df040, 0xc0001be540, 0xc000216bd8, 0x0) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:180 +0x2c9 encoding/json.Unmarshal(0xc00029f200, 0x6, 0x200, 0x18df040, 0xc0001be540, 0x0, 0x0) /usr/local/Cellar/go/1.16/libexec/src/encoding/json/decode.go:107 +0x15d ```
2026-01-09 06:33:16 +00:00 · 2021-03-02 14:25:52 +04:00
parent ddba7f931a
commit fe4e97afe0
2 changed files with 10 additions and 5 deletions
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -71,7 +71,7 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 - [rpc/client/http] \#6163 Do not drop events even if the `out` channel is full (@melekes)
 - [node] \#6059 Validate and complete genesis doc before saving to state store (@silasdavis)
 - [state] \#6067 Batch save state data (@githubsands & @cmwaters)
- [privval/file] \#6185 Return error on `LoadFilePV`, `LoadFilePVEmptyState`. Allows for better programmatic control of Tendermint. 
+- [privval/file] \#6185 Return error on `LoadFilePV`, `LoadFilePVEmptyState`. Allows for better programmatic control of Tendermint.

 ### BUG FIXES

@@ -79,3 +79,4 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 - [privval] \#5638 Increase read/write timeout to 5s and calculate ping interval based on it (@JoeKash)
 - [blockchain/v1] [\#5701](https://github.com/tendermint/tendermint/pull/5701) Handle peers without blocks (@melekes)
 - [blockchain/v1] \#5711 Fix deadlock (@melekes)
+- [rpc/jsonrpc/server] \#6191 Correctly unmarshal `RPCRequest` when data is `null` (@melekes)
--- a/rpc/jsonrpc/types/types.go
+++ b/rpc/jsonrpc/types/types.go
@@ -57,27 +57,31 @@ type RPCRequest struct {

 // UnmarshalJSON custom JSON unmarshaling due to jsonrpcid being string or int
 func (req *RPCRequest) UnmarshalJSON(data []byte) error {
-	unsafeReq := &struct {
+	unsafeReq := struct {
 		JSONRPC string          `json:"jsonrpc"`
 		ID      interface{}     `json:"id,omitempty"`
 		Method  string          `json:"method"`
 		Params  json.RawMessage `json:"params"` // must be map[string]interface{} or []interface{}
 	}{}
+
 	err := json.Unmarshal(data, &unsafeReq)
 	if err != nil {
 		return err
 	}
+
+	if unsafeReq.ID == nil { // notification
+		return nil
+	}
+
 	req.JSONRPC = unsafeReq.JSONRPC
 	req.Method = unsafeReq.Method
 	req.Params = unsafeReq.Params
-	if unsafeReq.ID == nil {
-		return nil
-	}
 	id, err := idFromInterface(unsafeReq.ID)
 	if err != nil {
 		return err
 	}
 	req.ID = id
+
 	return nil
 }