From 10c855efef0c40ccac5cd1b47e1d6e5cf6eb4fc3 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <evgeniy@nspcc.ru>
Date: Fri, 22 Jul 2022 17:04:37 +0300
Subject: [PATCH] [#1624] go.mod: Update dependencies

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
---
 cmd/neofs-cli/modules/control/util.go         |   2 +-
 docs/release-instruction.md                   |   8 +++----
 go.mod                                        |   4 ++--
 go.sum                                        | Bin 94540 -> 94319 bytes
 pkg/morph/client/container/eacl.go            |   5 ++--
 pkg/morph/client/container/get.go             |   7 ++----
 pkg/services/container/morph/executor.go      |  12 +++++++---
 pkg/services/container/morph/executor_test.go |  22 +++++++++++++++++-
 pkg/services/control/ir/server/sign.go        |   4 +++-
 pkg/services/control/server/sign.go           |   4 +++-
 pkg/services/netmap/executor.go               |   9 +++++--
 pkg/services/object/get/v2/util.go            |   4 +++-
 pkg/services/tree/signature.go                |   4 +++-
 13 files changed, 60 insertions(+), 25 deletions(-)

diff --git a/cmd/neofs-cli/modules/control/util.go b/cmd/neofs-cli/modules/control/util.go
index 38925121bd..d700d6aa09 100644
--- a/cmd/neofs-cli/modules/control/util.go
+++ b/cmd/neofs-cli/modules/control/util.go
@@ -38,7 +38,7 @@ func verifyResponse(cmd *cobra.Command,
 	sigV2.SetSign(sigControl.GetSign())
 
 	var sig neofscrypto.Signature
-	sig.ReadFromV2(sigV2)
+	common.ExitOnErr(cmd, "can't read signature: %w", sig.ReadFromV2(sigV2))
 
 	if !sig.Verify(body.StableMarshal(nil)) {
 		common.ExitOnErr(cmd, "", errors.New("invalid response signature"))
diff --git a/docs/release-instruction.md b/docs/release-instruction.md
index 82dab329c0..242a61ace4 100644
--- a/docs/release-instruction.md
+++ b/docs/release-instruction.md
@@ -12,14 +12,14 @@ These should run successfully:
 
 ## Writing changelog
 
-Add an entry to the `CHANGELOG.md` following the style established there. Add an 
+Add an entry to the `CHANGELOG.md` following the style established there. Add an
 optional codename, version and release date in the heading. Write a paragraph
 describing the most significant changes done in this release. Add
 `Fixed`, `Added`, `Removed` and `Updated` sections with fixed bug descriptions
 and changes. Describe each change in detail with a reference to GitHub issues if
-possible. 
+possible.
 
-Update the supported version of neofs-contract in `README.md` if there were 
+Update the supported version of neofs-contract in `README.md` if there were
 changes in releases.
 
 ## Tag the release
@@ -66,7 +66,7 @@ Close corresponding vX.Y.Z GitHub milestone.
 
 ## Post-release
 
-Prepare pull-request for 
+Prepare pull-request for
 [neofs-devenv](https://github.com/nspcc-dev/neofs-devenv).
 
 Rebuild NeoFS LOCODE database via CLI `util locode generate` command (if needed).
diff --git a/go.mod b/go.mod
index adfcca31f9..ae821b7ff6 100644
--- a/go.mod
+++ b/go.mod
@@ -18,8 +18,8 @@ require (
 	github.com/nspcc-dev/neo-go v0.99.1-pre.0.20220714084516-54849ef3e58e
 	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220713145417-4f184498bc42 // indirect
 	github.com/nspcc-dev/neofs-api-go/v2 v2.13.0
-	github.com/nspcc-dev/neofs-contract v0.15.1
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.5.0.20220706151041-0d862d8568a4
+	github.com/nspcc-dev/neofs-contract v0.15.3
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.5.0.20220725101411-90f1cc7a1a77
 	github.com/nspcc-dev/tzhash v1.6.1
 	github.com/panjf2000/ants/v2 v2.4.0
 	github.com/paulmach/orb v0.2.2
diff --git a/go.sum b/go.sum
index ffdf4dd5c9ba5a70692b3edecaff8974760688ea..c7b4a7e38c7301e41e1b295ed3bc8d1772770603 100644
GIT binary patch
delta 317
zcmX@}i1qyg)(yUWljZtVC!g(mG<nSgvCZxiI+zTM6*3I1%(eZ>D?>^u+#K^fQ_HFh
zGJ^CYDgx8Yf{a|VjEa-9!h(#F^76d$GMs!TH%=Fy%s-KB@_|YGX2$yI`FgqeDIhbP
zBEq6Vqe8tZigI&ZTtm`xB0M}Tv`t-t)AKA$oGdF%UGjs&3th7!ohLt>D7U$Oau1V>
zk*T49p^2fPuBAbmVREv0qG6)BImj?)i$EXaf>1yGz$kP7ln8%6*DxcuKy9zY+=zUq
zr2Mk7sLaZoaDV4Cr+m1BK1`MN#%dsvBaJPClbrLl14BIx!o7k`%)^SqO@f`nGyKc*
dy!;9RgDWkH++E%ElT6E!f#xc0{xU7%761%}ZF2ws

delta 398
zcmZwByH3JT0LJl1LNvz2$v6-boe8w(wCA+Am<qJeQd(%kZ7Z$ZDwk6cEu*_&XmodX
zFzKeR;1f6*<L)a6x-htW+xO4!`y=}H8GTk~JfDPAdzkDGox=_|R%!~7uUe*Gk*68U
zGtwC%T8dX`wka~D8>cR`8DTsn1`3WAv7mpu85U++8+!}{0IVi~Ahub^SQwz-YhDWZ
z`AdWbt2Xc;H)ah<5xFYR%et0tbv-*<%T0uW*(uhGR@;mld8=s)!Q<UQaI)Ctz?#jy
z)=<MF&Qu(fRa90dYFz9%aYm9nd5DF+1RK7P($a*Ke*dq*cKEcoiDc-d1<))=&<>BG
z!z0XF>`Igq5H6vri+dBg7^je*a$R^y7qS&f=LUs~w9busCZgM;KhgX?ru-XQQ!2#w
r>#|8z{U&ltUS7a1uI0_4aYiIp(tCBSdtON^qLp1XXZzvKgZ=&kP6~o6

diff --git a/pkg/morph/client/container/eacl.go b/pkg/morph/client/container/eacl.go
index 8d8bd5958f..c65c0cffc2 100644
--- a/pkg/morph/client/container/eacl.go
+++ b/pkg/morph/client/container/eacl.go
@@ -87,7 +87,6 @@ func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) {
 	sigV2.SetSign(sig)
 	sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
 
-	res.Signature.ReadFromV2(sigV2)
-
-	return &res, nil
+	err = res.Signature.ReadFromV2(sigV2)
+	return &res, err
 }
diff --git a/pkg/morph/client/container/get.go b/pkg/morph/client/container/get.go
index 3ebb57a55d..9649c51a52 100644
--- a/pkg/morph/client/container/get.go
+++ b/pkg/morph/client/container/get.go
@@ -12,7 +12,6 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 )
 
@@ -109,8 +108,6 @@ func (c *Client) Get(cid []byte) (*containercore.Container, error) {
 	sigV2.SetSign(sigBytes)
 	sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
 
-	var sig neofscrypto.Signature
-	sig.ReadFromV2(sigV2)
-
-	return &cnr, nil
+	err = cnr.Signature.ReadFromV2(sigV2)
+	return &cnr, err
 }
diff --git a/pkg/services/container/morph/executor.go b/pkg/services/container/morph/executor.go
index 79923201f2..dd7dc072d4 100644
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@@ -69,7 +69,10 @@ func (s *morphExecutor) Put(_ context.Context, tokV2 *sessionV2.Token, body *con
 		return nil, fmt.Errorf("invalid container: %w", err)
 	}
 
-	cnr.Signature.ReadFromV2(*sigV2)
+	err = cnr.Signature.ReadFromV2(*sigV2)
+	if err != nil {
+		return nil, fmt.Errorf("can't read signature: %w", err)
+	}
 
 	if tokV2 != nil {
 		cnr.Session = new(session.Container)
@@ -214,7 +217,10 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, tokV2 *sessionV2.Tok
 		Value: eaclSDK.NewTableFromV2(body.GetEACL()),
 	}
 
-	eaclInfo.Signature.ReadFromV2(*sigV2)
+	err := eaclInfo.Signature.ReadFromV2(*sigV2)
+	if err != nil {
+		return nil, fmt.Errorf("can't read signature: %w", err)
+	}
 
 	if tokV2 != nil {
 		eaclInfo.Session = new(session.Container)
@@ -225,7 +231,7 @@ func (s *morphExecutor) SetExtendedACL(ctx context.Context, tokV2 *sessionV2.Tok
 		}
 	}
 
-	err := s.wrt.PutEACL(eaclInfo)
+	err = s.wrt.PutEACL(eaclInfo)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/services/container/morph/executor_test.go b/pkg/services/container/morph/executor_test.go
index bb6e0a9739..52b0da947f 100644
--- a/pkg/services/container/morph/executor_test.go
+++ b/pkg/services/container/morph/executor_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"
 
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/container"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
@@ -13,6 +14,8 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	containertest "github.com/nspcc-dev/neofs-sdk-go/container/test"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
 	"github.com/stretchr/testify/require"
 )
@@ -42,6 +45,22 @@ func TestInvalidToken(t *testing.T) {
 	var cnrV2 refs.ContainerID
 	cnr.WriteToV2(&cnrV2)
 
+	priv, err := keys.NewPrivateKey()
+	require.NoError(t, err)
+
+	sign := func(reqBody interface {
+		StableMarshal([]byte) []byte
+		SetSignature(signature *refs.Signature)
+	}) {
+		signer := neofsecdsa.Signer(priv.PrivateKey)
+		var sig neofscrypto.Signature
+		require.NoError(t, sig.Calculate(signer, reqBody.StableMarshal(nil)))
+
+		var sigV2 refs.Signature
+		sig.WriteToV2(&sigV2)
+		reqBody.SetSignature(&sigV2)
+	}
+
 	var tokV2 session.Token
 	sessiontest.ContainerSigned().WriteToV2(&tokV2)
 
@@ -53,7 +72,6 @@ func TestInvalidToken(t *testing.T) {
 			name: "put",
 			op: func(e containerSvc.ServiceExecutor, tokV2 *session.Token) (err error) {
 				var reqBody container.PutRequestBody
-				reqBody.SetSignature(new(refs.Signature))
 
 				cnr := containertest.Container()
 
@@ -61,6 +79,7 @@ func TestInvalidToken(t *testing.T) {
 				cnr.WriteToV2(&cnrV2)
 
 				reqBody.SetContainer(&cnrV2)
+				sign(&reqBody)
 
 				_, err = e.Put(context.TODO(), tokV2, &reqBody)
 				return
@@ -81,6 +100,7 @@ func TestInvalidToken(t *testing.T) {
 			op: func(e containerSvc.ServiceExecutor, tokV2 *session.Token) (err error) {
 				var reqBody container.SetExtendedACLRequestBody
 				reqBody.SetSignature(new(refs.Signature))
+				sign(&reqBody)
 
 				_, err = e.SetExtendedACL(context.TODO(), tokV2, &reqBody)
 				return
diff --git a/pkg/services/control/ir/server/sign.go b/pkg/services/control/ir/server/sign.go
index bb9625dea2..ad2b18e9ec 100644
--- a/pkg/services/control/ir/server/sign.go
+++ b/pkg/services/control/ir/server/sign.go
@@ -57,7 +57,9 @@ func (s *Server) isValidRequest(req SignedMessage) error {
 	sigV2.SetScheme(refs.ECDSA_SHA512)
 
 	var sig neofscrypto.Signature
-	sig.ReadFromV2(sigV2)
+	if err := sig.ReadFromV2(sigV2); err != nil {
+		return fmt.Errorf("can't read signature: %w", err)
+	}
 
 	if !sig.Verify(binBody) {
 		// TODO(@cthulhu-rider): #1387 use "const" error
diff --git a/pkg/services/control/server/sign.go b/pkg/services/control/server/sign.go
index 5d6c5d4da3..b6e36b244b 100644
--- a/pkg/services/control/server/sign.go
+++ b/pkg/services/control/server/sign.go
@@ -57,7 +57,9 @@ func (s *Server) isValidRequest(req SignedMessage) error {
 	sigV2.SetScheme(refs.ECDSA_SHA512)
 
 	var sig neofscrypto.Signature
-	sig.ReadFromV2(sigV2)
+	if err := sig.ReadFromV2(sigV2); err != nil {
+		return fmt.Errorf("can't read signature: %w", err)
+	}
 
 	if !sig.Verify(binBody) {
 		// TODO(@cthulhu-rider): #1387 use "const" error
diff --git a/pkg/services/netmap/executor.go b/pkg/services/netmap/executor.go
index 132556bb87..797478090d 100644
--- a/pkg/services/netmap/executor.go
+++ b/pkg/services/netmap/executor.go
@@ -3,6 +3,7 @@ package netmap
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/nspcc-dev/neofs-api-go/v2/netmap"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
@@ -61,7 +62,9 @@ func (s *executorSvc) LocalNodeInfo(
 	}
 
 	var ver versionsdk.Version
-	ver.ReadFromV2(*verV2)
+	if err := ver.ReadFromV2(*verV2); err != nil {
+		return nil, fmt.Errorf("can't read version: %w", err)
+	}
 
 	ni, err := s.state.LocalNodeInfo()
 	if err != nil {
@@ -100,7 +103,9 @@ func (s *executorSvc) NetworkInfo(
 	}
 
 	var ver versionsdk.Version
-	ver.ReadFromV2(*verV2)
+	if err := ver.ReadFromV2(*verV2); err != nil {
+		return nil, fmt.Errorf("can't read version: %w", err)
+	}
 
 	ni, err := s.netInfo.Dump(ver)
 	if err != nil {
diff --git a/pkg/services/object/get/v2/util.go b/pkg/services/object/get/v2/util.go
index 1c736667f6..17ac8d638f 100644
--- a/pkg/services/object/get/v2/util.go
+++ b/pkg/services/object/get/v2/util.go
@@ -507,7 +507,9 @@ func (s *Service) toHeadPrm(ctx context.Context, req *objectV2.HeadRequest, resp
 				}
 
 				var sig neofscrypto.Signature
-				sig.ReadFromV2(*idSig)
+				if err := sig.ReadFromV2(*idSig); err != nil {
+					return nil, fmt.Errorf("can't read signature: %w", err)
+				}
 
 				if !sig.Verify(binID) {
 					return nil, errors.New("invalid object ID signature")
diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go
index 65f164b378..8f97929b6f 100644
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@@ -101,7 +101,9 @@ func verifyMessage(m message) error {
 	sigV2.SetScheme(refs.ECDSA_SHA512)
 
 	var sigSDK neofscrypto.Signature
-	sigSDK.ReadFromV2(sigV2)
+	if err := sigSDK.ReadFromV2(sigV2); err != nil {
+		return fmt.Errorf("can't read signature: %w", err)
+	}
 
 	if !sigSDK.Verify(binBody) {
 		return errors.New("invalid signature")