
Fix: [Network] Determining GetNetworkRevisionString could overflow and underflow its buffer #9372

Merged

Conversation


@rubidium42 rubidium42 commented Jun 13, 2021

Motivation / Problem

Depending on the content of _openttd_revision and _openttd_revision_hash, GetNetworkRevisionString() could overflow and underflow its buffer for non-tagged releases.
Practically it should not trigger if revision and revision_hash are set correctly by the build process.

In any case:

  • when _openttd_revision_hash is less than 10 characters, it will read beyond the bounds.
  • when _openttd_revision does not have a dash (-), hashofs is effectively the negative hash. By "luck" it gets converted to size_t in the following if, so hashofs gets set to something more sane; but if that were not to happen, strecpy would start at nullptr.
  • when _openttd_revision's length is less than githash_suffix's length, hashofs becomes negative and strecpy would start writing before the buffer.

So, when the revision and hash are, for whatever reason, not filled, there are reads and writes beyond the bounds of buffers.

Description

Rewrite the code to use std::string and perform the appropriate checks on sizes.
See https://godbolt.org/z/bbP3fxdxE for the behavior (old and new). When adding -fsanitize=address the example will be broken on the old version of the code.

Limitations

None, except the output differing in cases of under- and overflow.
Consideration can be made whether to backport it or not; problem is that it uses {fmt}, so some other manner of safely getting the githash should be devised in case it is going to be backported.

Checklist for review

Some things are not automated, and often forgotten. This list is a reminder for the reviewers.

  • The bug fix is important enough to be backported? (label: 'backport requested')
  • This PR affects the save game format? (label 'savegame upgrade')
  • This PR affects the GS/AI API? (label 'needs review: Script API')
    • ai_changelog.hpp, gs_changelog.hpp need updating.
    • The compatibility wrappers (compat_*.nut) need updating.
  • This PR affects the NewGRF API? (label 'needs review: NewGRF')
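An added example of the bounds-safe approach the description calls for; it is not OpenTTD's code and does not use {fmt}. It assumes a 33-byte network field (kNetworkRevisionLength), a 10-character hash prefix (kHashChars) and the layout "<revision>-<g|u|m><hash prefix>", and it handles the three cases listed above (short hash, no dash, revision shorter than the suffix) with std::string operations that cannot read or write out of bounds.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>

// Added example, not OpenTTD's code. Assumed layout: the wire string is
// "<revision>-<g|u|m><first kHashChars of hash>" for non-tagged builds and
// plain "<revision>" for tagged ones, capped at kNetworkRevisionLength
// bytes including the terminator. Both constants are assumptions.
constexpr std::size_t kNetworkRevisionLength = 33;
constexpr std::size_t kHashChars = 10;

// First case from the PR: a hash shorter than kHashChars. std::string::substr
// clamps the count, so a short (even empty) hash is copied, never read past.
std::string MakeGithashSuffix(const std::string &hash, int modified)
{
    // 'g' clean, 'u' unknown, 'm' modified; out-of-range values are clamped
    // instead of indexing past the three-character lookup string.
    const char kind = "gum"[std::max(0, std::min(modified, 2))];
    return std::string("-") + kind + hash.substr(0, kHashChars);
}

std::string GetNetworkRevisionString(const std::string &revision, const std::string &hash,
                                     bool tagged, int modified = 0)
{
    const std::size_t max_len = kNetworkRevisionLength - 1;  // room for '\0'
    std::string result = revision.substr(0, max_len);
    if (tagged) return result;  // tagged releases are sent unchanged

    // Suffix is at most 2 + kHashChars characters, so it always fits in max_len.
    const std::string suffix = MakeGithashSuffix(hash, modified);

    // Second case: no '-' in the revision. find_last_of yields npos instead of
    // a pointer difference against nullptr, so append rather than "overwrite
    // from" a bogus negative offset.
    std::size_t hashofs = result.find_last_of('-');
    if (hashofs == std::string::npos) hashofs = result.size();

    // Third case: the revision is shorter than the suffix, or the suffix would
    // run past the field. Keep hashofs within [0, max_len - suffix.size()]
    // using unsigned min(), never a subtraction that can go negative.
    hashofs = std::min(hashofs, max_len - suffix.size());

    result.resize(hashofs);  // drop whatever followed the last '-'
    result += suffix;
    return result;  // size() <= max_len by construction
}
```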
Review comments on src/network/core/game_info.cpp (resolved)
…d underflow its buffer

Tagged releases are not affected
@rubidium42 rubidium42 force-pushed the flowing-network_revision_string branch from 5a09e84 to 7a2cb98 Jun 14, 2021
@rubidium42 rubidium42 merged commit 9e32c61 into OpenTTD:master Jun 14, 2021
15 checks passed
@rubidium42 rubidium42 deleted the flowing-network_revision_string branch Jun 14, 2021