From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [Tarantool-patches] [PATCH] raft: more precise verification of incoming request state
To: Cyrill Gorcunov, tml
References: <20210625100707.87807-1-gorcunov@gmail.com>
Message-ID: <9652278e-570e-40e5-b2d1-856fe58179fc@tarantool.org>
Date: Fri, 25 Jun 2021 23:49:10 +0200
In-Reply-To: <20210625100707.87807-1-gorcunov@gmail.com>
List-Id: Tarantool development patches
From: Vladislav Shpilevoy via Tarantool-patches
Reply-To: Vladislav Shpilevoy

Hi! Thanks for the patch!

On 25.06.2021 12:07, Cyrill Gorcunov via Tarantool-patches wrote:
> When a new raft message comes in from the network we need
> to be sure that the payload is suitable for processing,
> in particular `raft_msg::state` must be valid because
> our code logic depends on it.
>
> Since `raft_msg::state` is declared as an enum,
> its processing is implementation defined and a compiler
> might treat it as unsigned or signed int. In the latter
> case the `if` statement won't be taken, which will lead
> to undefined behaviour. So
>
> 1) Use explicit unsigned type conversion to make sure
> the `state` requested is valid;
> 2) Use panic() instead of the unreachable() macro;
> 3) Extend testing.
>
> Closes #6067

Unfortunately, the patch does not fix much.

Firstly, the state is decoded from MessagePack as mp_decode_uint(). It can't be negative originally by design.

Secondly, and most importantly, the state is decoded as uint64_t raft_request.state, but it is saved without checks into enum struct raft_msg.state in box_raft_request_to_msg(). So the current patch does not change almost anything, I suppose? Because if I send ((UINT32_MAX << 31) | 0x01), it will work. Because the upper 32 bits would be truncated (assuming the enum is 32 bits), and your checks are done too late to notice it. Correct?

If so, then I would propose to fix the issue entirely, if you want to work on that.

> diff --git a/src/lib/raft/raft.c b/src/lib/raft/raft.c
> index eacdddb7e..409e983f0 100644
> --- a/src/lib/raft/raft.c
> +++ b/src/lib/raft/raft.c
> @@ -309,7 +309,9 @@ raft_process_msg(struct raft *raft, const struct raft_msg *req, uint32_t source)
> say_info("RAFT: message %s from %u", raft_msg_to_string(req), source);
> assert(source > 0);
> assert(source != raft->self);
> - if (req->term == 0 || req->state == 0 || req->state >= raft_state_MAX) {
> +
> + if (req->term == 0 || req->state == 0 ||
> + (unsigned)req->state >= raft_state_MAX) {

Please perform a normal < 0 comparison. No need for the unsigned cast.
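Review bot: the new guard `(unsigned)req->state >= raft_state_MAX` in the `+` lines is evaluated on the enum field, i.e. after the decoded uint64_t raft_request.state has already been narrowed in box_raft_request_to_msg(), so any value whose low bits form a valid state still passes; the range check belongs on the uint64_t before it is assigned to the enum. A plain `< 0` comparison on the enum field has its own catch: when the compiler picks an unsigned underlying type, such a comparison is always false and is typically reported as such, which is one more reason to validate the wide value at decode time rather than here. The added blank `> +` line between the asserts and the `if` is a stray whitespace change and can be dropped.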
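To make the truncation argument in the reply concrete, here is an added C example (not code from the patch or from Tarantool; the enum values and the raft_state_MAX sentinel are assumed) comparing the patch's post-narrowing check with a range check done on the decoded uint64_t before it is converted to the enum:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed shape of the Raft state enum: 0 means "unset" and raft_state_MAX
 * is a sentinel one past the last valid state. Values are constructed for
 * this example, not taken from src/lib/raft/raft.h. */
enum raft_state {
	RAFT_STATE_NONE = 0,
	RAFT_STATE_FOLLOWER = 1,
	RAFT_STATE_CANDIDATE = 2,
	RAFT_STATE_LEADER = 3,
	raft_state_MAX = 4,
};

/* The patch's check, but run only after the decoded value was stored into
 * the enum (as box_raft_request_to_msg() does). The conversion narrows the
 * value to the enum's underlying type first, so high bits are already gone
 * by the time the comparison happens. */
static bool
state_valid_after_narrowing(uint64_t decoded)
{
	enum raft_state state = (enum raft_state)decoded; /* narrowing */
	if (state == 0 || (unsigned)state >= raft_state_MAX)
		return false;
	return true;
}

/* Range check on the wide decoded value before any conversion: only values
 * in [1, raft_state_MAX) are accepted and written to *out. */
static bool
state_from_u64(uint64_t decoded, enum raft_state *out)
{
	if (decoded == 0 || decoded >= (uint64_t)raft_state_MAX)
		return false;
	*out = (enum raft_state)decoded;
	return true;
}

int
main(void)
{
	/* Constructed input: bit 32 set, low 32 bits equal to a valid state. */
	uint64_t wide = ((uint64_t)1 << 32) | 1;
	enum raft_state s = RAFT_STATE_NONE;
	printf("after narrowing: %s\n", state_valid_after_narrowing(wide) ? "accepted" : "rejected");
	printf("before narrowing: %s\n", state_from_u64(wide, &s) ? "accepted" : "rejected");
	return 0;
}
```

With a 32-bit enum the first check accepts the constructed value while the second rejects it, which is exactly the gap the reply describes.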