From: Sergey Ostanevich <sergos@tarantool.org> To: Cyrill Gorcunov <gorcunov@gmail.com> Cc: tarantool-patches@dev.tarantool.org, Vladislav Shpilevoy <v.shpilevoy@tarantool.org> Subject: Re: [Tarantool-patches] [PATCH] core: fix static_alloc buffer overflow Date: Tue, 3 Nov 2020 16:59:42 +0300 [thread overview] Message-ID: <20201103135942.GD517@tarantool.org> (raw) In-Reply-To: <20201102214720.GF2339@grain> Hi! I double checked the snprintf fails only if buf is set to NULL _and_ the len is set to a non-zero value. So I would follow Vlad's proposal on factoring out the code to make it clearer. Sergos. ==== commit 6f6eb1b8f12679b69eba40ea960a9ebb439c798e Author: Sergey Ostanevich <sergos@tarantool.org> Date: Fri Oct 23 16:09:31 2020 +0300 core: fix static_alloc buffer overflow Static buffer overflow in thread local pool causes random fails on OSX platform. This was caused by an incorrect use of the allocator result. Fixes #5312 Co-authored-by: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> diff --git a/src/lib/core/sio.c b/src/lib/core/sio.c index 97a512eee..d008526d5 100644 --- a/src/lib/core/sio.c +++ b/src/lib/core/sio.c @@ -46,6 +46,33 @@ static_assert(SMALL_STATIC_SIZE > NI_MAXHOST + NI_MAXSERV, "static buffer should fit host name"); +/** + * Safely print a socket description to the given buffer, with correct overflow + * checks and all. + */ +static int +sio_socketname_to_buffer(int fd, char *buf, int size) +{ + int n = 0; + SNPRINT(n, snprintf, buf, size, "fd %d", fd); + if (fd < 0) + return 0; + struct sockaddr_storage addr; + socklen_t addrlen = sizeof(addr); + int rc = getsockname(fd, (struct sockaddr *) &addr, &addrlen); + if (rc == 0) { + SNPRINT(n, snprintf, buf, size, ", aka %s", + sio_strfaddr((struct sockaddr *)&addr, addrlen)); + } + addrlen = sizeof(addr); + rc = getpeername(fd, (struct sockaddr *) &addr, &addrlen); + if (rc == 0) { + SNPRINT(n, snprintf, buf, size, ", peer of %s", + sio_strfaddr((struct sockaddr *)&addr, addrlen)); + } + return 0; +} + const char * sio_socketname(int fd) { @@ -53,25 +80,13 @@ sio_socketname(int fd) int save_errno = errno; int name_size = 2 * SERVICE_NAME_MAXLEN; char *name = static_alloc(name_size); - int n = snprintf(name, name_size, "fd %d", fd); - if (fd >= 0) { - struct sockaddr_storage addr; - socklen_t addrlen = sizeof(addr); - int rc = getsockname(fd, (struct sockaddr *) &addr, &addrlen); - if (rc == 0) { - n += snprintf(name + n, name_size - n, ", aka %s", - sio_strfaddr((struct sockaddr *)&addr, - addrlen)); - } - addrlen = sizeof(addr); - rc = getpeername(fd, (struct sockaddr *) &addr, &addrlen); - if (rc == 0) { - n += snprintf(name + n, name_size - n, - ", peer of %s", - sio_strfaddr((struct sockaddr *)&addr, - addrlen)); - } - } + int rc = sio_socketname_to_buffer(fd, name, name_size); + /* + * Could fail only because of a bad format in snprintf, but it is not + * bad, so should not fail. + */ + assert(rc == 0); + (void)rc; /* * Restore the original errno, it might have been reset by * snprintf() or getsockname(). On 03 ноя 00:47, Cyrill Gorcunov wrote: > On Mon, Nov 02, 2020 at 10:43:02PM +0100, Vladislav Shpilevoy wrote: > > > > > > Guys, I didn't follow the details of the series but thought of some > > > helper like below. Will it help? > > > > In some places yes. But SNPRINT is used not only with snprintf. > > > > It also is used with vsnprintf, mp_snprint, vy_run_snprint_filename, > > tuple_snprint, say_format_plain_tail, json_escape, strftime, and probably > > more. So it would be better to fix SNPRINT. To cover all its usage > > cases. > > OK, sounds reasonable.
next prev parent reply other threads:[~2020-11-03 13:59 UTC|newest] Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-10-23 15:13 Sergey Ostanevich 2020-10-23 20:06 ` Vladislav Shpilevoy 2020-10-29 22:56 ` Vladislav Shpilevoy 2020-10-30 7:07 ` Cyrill Gorcunov 2020-10-31 16:33 ` Vladislav Shpilevoy 2020-11-02 13:19 ` Sergey Ostanevich 2020-11-02 21:09 ` Vladislav Shpilevoy 2020-11-02 21:18 ` Cyrill Gorcunov 2020-11-02 21:43 ` Vladislav Shpilevoy 2020-11-02 21:47 ` Cyrill Gorcunov 2020-11-03 13:59 ` Sergey Ostanevich [this message] 2020-11-03 14:08 ` Cyrill Gorcunov 2020-11-03 22:59 ` Vladislav Shpilevoy
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20201103135942.GD517@tarantool.org \ --to=sergos@tarantool.org \ --cc=gorcunov@gmail.com \ --cc=tarantool-patches@dev.tarantool.org \ --cc=v.shpilevoy@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH] core: fix static_alloc buffer overflow' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox