Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Valgrind reported memory access bugs #9833

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Valgrind reported memory access bugs #9833

wants to merge 7 commits into from

Conversation

gabekassel
Copy link
Contributor

Fix one serious and two less serious uninitialized memory access bugs in openthread. All of these were found using valgrind.

  • zero signal handler memory access
  • zero otSecurityPolicy structure during SecurityPolicy class constructor
  • do not access netlink message error TLVs if the extended ack flag is not set in the message
    • this can happen when the kernel is too old to support the netlink socket option.
    • this bug has led to segmentation faults and in one case a livelock.

@gabekassel
posix: check for nlmsg error tlv attributes
53e9e64 
Signed off by: Nick Owens - nick.owens@eero.com

if we couldn't set NETLINK_EXT_ACK, there's no extra nlmsg attributes in
the error. avoid UB and walking uninitialized memory by checking the
flag for those attributes. for us, this avoids segfaults and in one
instance, an infinite loop while walking the non-existant attributes.
@gabekassel
posix: zero initialize sigaction struct before use
d0366b4 
Signed-off by: Nick Owens nick.owens@eero.com

this removes a valgrind warning about use of uninitialized memory in a
syscall when backtrace is enabled.
@size-report size-report
Copy link

size-report bot commented Feb 6, 2024
edited

Size Report of OpenThread

Merging #9833 into main(08a7600).

name branch text data bss total
ot-cli-ftd main 465664 760 66332 532756
#9833 465680 760 66332 532772
+/- +16 0 0 +16
ot-ncp-ftd main 435652 760 61544 497956
#9833 435652 760 61544 497956
+/- 0 0 0 0
libopenthread-ftd.a main 234945 0 40278 275223
#9833 234949 0 40278 275227
+/- +4 0 0 +4
libopenthread-cli-ftd.a main 56919 0 8075 64994
#9833 56919 0 8075 64994
+/- 0 0 0 0
libopenthread-ncp-ftd.a main 31855 0 5916 37771
#9833 31855 0 5916 37771
+/- 0 0 0 0
ot-cli-mtd main 364640 760 51220 416620
#9833 364640 760 51220 416620
+/- 0 0 0 0
ot-ncp-mtd main 347292 760 46448 394500
#9833 347292 760 46448 394500
+/- 0 0 0 0
libopenthread-mtd.a main 158177 0 25182 183359
#9833 158181 0 25182 183363
+/- +4 0 0 +4
libopenthread-cli-mtd.a main 39743 0 8059 47802
#9833 39743 0 8059 47802
+/- 0 0 0 0
libopenthread-ncp-mtd.a main 24735 0 5916 30651
#9833 24735 0 5916 30651
+/- 0 0 0 0
ot-cli-ftd-br main 534248 768 130876 665892
#9833 534248 768 130876 665892
+/- 0 0 0 0
libopenthread-ftd-br.a main 298180 5 104798 402983
#9833 298184 5 104798 402987
+/- +4 0 0 +4
libopenthread-cli-ftd-br.a main 70552 0 8099 78651
#9833 70552 0 8099 78651
+/- 0 0 0 0
ot-rcp main 62248 564 20604 83416
#9833 62248 564 20604 83416
+/- 0 0 0 0
libopenthread-rcp.a main 9542 0 5052 14594
#9833 9542 0 5052 14594
+/- 0 0 0 0
libopenthread-radio.a main 18821 0 214 19035
#9833 18821 0 214 19035
+/- 0 0 0 0

abtink
abtink reviewed Feb 6, 2024
View reviewed changes
Copy link
Member

@abtink abtink left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @gabekassel :)
One suggestion below:

src/core/thread/key_manager.hpp Outdated
@@ -85,7 +85,7 @@ class SecurityPolicy : public otSecurityPolicy, public Equatable<SecurityPolicy>
* and Security Policy Flags.
*
*/
SecurityPolicy(void) { SetToDefault(); }
SecurityPolicy(void) : otSecurityPolicy() { SetToDefault(); }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may not do what we intend in all cases (all toochains) since otSecuretyPolicy() is a C struct definition (so no constructor is defined for it). Default constructor may not clear all its fields (behavior can be toolchain dependent)

It may be safer to explicitly clear all its bytes. Here is my suggestion:

  • We can add public Clearable<SecurityPolicy> as a base class to class SecurityPolicy:
class SecurityPolicy : public otSecurityPolicy, public Equatable<SecurityPolicy>, public Clearable<SecurityPolicy>
  • And then we can add a Clear() call in SetToDefault() method

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@abtink applied. let me know if that looks right

@codecov Codecov
Copy link

codecov bot commented Feb 6, 2024
edited

Codecov Report

Attention: Patch coverage is 80.00000% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 82.28%. Comparing base (ffe2f52) to head (c27d701).
Report is 31 commits behind head on main.

❗ Current head c27d701 differs from pull request most recent head f4482ea. Consider uploading reports for the commit f4482ea to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9833      +/-   ##
==========================================
+ Coverage   78.86%   82.28%   +3.42%     
==========================================
  Files         537      555      +18     
  Lines       67706    73691    +5985     
==========================================
+ Hits        53393    60635    +7242     
+ Misses      14313    13056    -1257
Files Coverage Δ
src/core/thread/key_manager.hpp 95.45% <100.00%> (ø)
src/posix/platform/backtrace.cpp 14.58% <100.00%> (+1.81%) ⬆️
src/posix/platform/netif.cpp 88.68% <66.66%> (+55.96%) ⬆️

... and 258 files with indirect coverage changes

@gabekassel
key_manager: zero initialize otSecurityPolicy
18fd2a3 
Signed-off by: Nick Owens nick.owens@eero.com

valgrind reports that otSecurityPolicy is used uninitialized, so just
make it zero.

clear all bytes when setting to default

make pretty
abtink
abtink reviewed Mar 4, 2024
View reviewed changes
Copy link
Member

@abtink abtink left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thanks. Couple of suggested changes below:

src/core/thread/key_manager.cpp Outdated Show resolved Hide resolved
src/core/thread/key_manager.hpp Outdated Show resolved Hide resolved
gabekassel and others added 4 commits March 4, 2024 13:52
@gabekassel @abtink
Update src/core/thread/key_manager.cpp
1dfb86c 
Co-authored-by: Abtin Keshavarzian <abtink@google.com>
@gabekassel @abtink
Update src/core/thread/key_manager.hpp
0476276 
Co-authored-by: Abtin Keshavarzian <abtink@google.com>
@gabekassel
make pretty
f955abb
@gabekassel
Merge branch 'gkass/netlink-memory-access' of github.com:gabekassel/o…
6ed0139 
…penthread into gkass/netlink-memory-access
@gabekassel
Copy link
Contributor Author

Looks good. Thanks. Couple of suggested changes below:

updated

@gabekassel
Copy link
Contributor Author

make pretty still fails - not sure why exactly

jwhui
jwhui reviewed Mar 5, 2024
View reviewed changes
src/core/thread/key_manager.cpp
Comment on lines 66 to +68
mRotationTime = kDefaultKeyRotationTime;
SetToDefaultFlags();

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove extra line to satisfy pretty check.

Suggested change
mRotationTime = kDefaultKeyRotationTime;
SetToDefaultFlags();
mRotationTime = kDefaultKeyRotationTime;
SetToDefaultFlags();

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwhui jwhui jwhui left review comments

@abtink abtink abtink left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@gabekassel @jwhui @abtink