
DoS via malicious p2p message, upstream CVE-2022-29177 #22

Closed
diwu1989 opened this issue Jul 28, 2022 · 2 comments

Describe the bug
KCC's implementation of the p2p disc message deserialization is vulnerable to the same CVE as reported upstream in CVE-2022-29177

The fix is quite simple, please take the time to cherry-pick ethereum#24507

If you are so kind as to provide a bug bounty for this heads up, feel free to donate some tokens to 0xD736B7c9eB18EaE030fA229DD0EC32694De36eA8

I do use Kucoin so some Kucoin tokens would be VERY much appreciated, thank you!

Much appreciated and hope you cherry-pick the fix.

junnmm (Collaborator) commented Aug 11, 2022

@diwu1989

Hi, thank you VERY much for your report.

We have already contacted the operators of all those validators. They are all using a default logging level of "INFO", which makes their node not vulnerable to this attack.

We will cherry-pick the fix later.

We would like to buy you a coffee. We have sent 1 sKCS token to your wallet.
The sKCS token is a new dapp on KCC chain. It is an interest-bearing token. As time goes by, you can exchange more KCS back with your sKCS token. You can find more info on https://skcs.io/home

The TX hash is : https://scan.kcc.io/tx/0x947adb12a415188d56d6c7df117fdb313a9c2ebda11c24000bfd42d33b450f8e

Best Regards.
KCC Team.

junnmm (Collaborator) commented Aug 11, 2022

Review from the KCC Team

The DiscReason type was an alias of "uint"; a malicious node could build a Disc Message with DiscReason == 0xFFFFFFFFFFFFFFFF and send it to the vulnerable node.

```go
type DiscReason uint
```

If the vulnerable node uses a logging level of "Debug" or "Trace", the node will try to print the error out. However, to print the error out, the method "String()" of the DiscReason type will be called, which will crash the node:

kcc/p2p/peer_error.go

Lines 91 to 96 in a4ba265

```go
// Vulnerable version as reported: the check is off by one (d == len(table)
// passes), and converting an all-ones 64-bit value to int yields -1, which
// also passes, so the index below runs out of range and panics.
func (d DiscReason) String() string {
	if len(discReasonToString) < int(d) {
		return fmt.Sprintf("unknown disconnect reason %d", d)
	}
	return discReasonToString[d] // panics for d == 0xFFFFFFFFFFFFFFFF
}
```

An "index out of range" runtime error will occur on Line 95.
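As an added illustration (not code from the KCC repository or from the upstream fix), the following Go program reproduces the check quoted above against a small constructed reason table, shows that both an all-ones reason and the off-by-one value len(table) panic, and contrasts a bounds check that compares as unsigned and rejects index == len. The table contents, `hardenedString` and `safeCall` are assumptions for this example.

```go
package main

import "fmt"

// DiscReason mirrors the alias type quoted on the page.
type DiscReason uint

// Constructed stand-in for discReasonToString with only three entries.
var discReasonToString = []string{
	0: "disconnect requested",
	1: "network error",
	2: "breach of protocol",
}

// vulnerableString reproduces the reported check: len(table) < int(d) lets
// d == len(table) through, and an all-ones value converts to int(-1), which
// also passes, so the index below runs out of range.
func vulnerableString(d DiscReason) string {
	if len(discReasonToString) < int(d) {
		return fmt.Sprintf("unknown disconnect reason %d", d)
	}
	return discReasonToString[d]
}

// hardenedString (assumed fix for this example) compares as unsigned and
// rejects anything at or past the end of the table.
func hardenedString(d DiscReason) string {
	if uint64(d) >= uint64(len(discReasonToString)) {
		return fmt.Sprintf("unknown disconnect reason %d", d)
	}
	return discReasonToString[d]
}

// safeCall runs fn and reports whether it panicked, standing in for the
// crash a Debug/Trace log line would cause in the real node.
func safeCall(fn func() string) (out string, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	return fn(), false
}

func main() {
	malicious := ^DiscReason(0) // 0xFFFF...FFFF, all bits set
	_, crashed := safeCall(func() string { return vulnerableString(malicious) })
	fmt.Println("vulnerable String() panicked:", crashed)
	s, crashed := safeCall(func() string { return hardenedString(malicious) })
	fmt.Println("hardened String():", s, "panicked:", crashed)
}
```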
