net/gnrc/tcp: fix invalid read #11999
From the `gnrc_pktbuf_mark` documentation: It's not guaranteed that `result->data` points to the same address as the original `pkt->data`. Thus it should be necessary to update the `hdr` pointer.
60070aa to 9e91d21
Looks fine by me. Thanks for finding it.
PR passed CI. @brummer-simon have you tested this PR? Please set the respective "Reviewed..." labels and approve
@PeterKietzmann I can't add any labels because I have no maintainer status. I tried to reproduce the issue by following the given steps (more details on the tap device setup would be nice) but failed. However, I verified the must be updated due to the 'gnrc_pktbuf_mark' documentation. In case @nmeum gives more information on the bug reproduction, I would like to verify the PR.
What details do you need regarding the tap setup? This should be reproducible independently of any tap device configuration, but since this might be undefined behavior you never know. In any case, it would be nice to know what exactly failed. See also: #12001 (comment)
I had to apply this PR for testing #12001. Without application of this PR the valgrind output of the test in #12001 is "Invalid read of size 2". By adding this PR the error is gone. I would say that this tested the fix although I was not able to reproduce it with the given test: "echo f | nc " could not resolve the given IP address, but it might be my local setup. All in all I think this PR is fine but I don't have maintainer status so I can't add any labels.
The fix has been tested & approved by the author of the module.
Contribution description
From the `gnrc_pktbuf_mark` documentation:
Thus it should be necessary to update the `hdr` pointer.
Testing procedure
- `USEMODULE += gnrc_pktbuf_malloc` to `tests/gnrc_tcp_server/Makefile`
- `gnrc_tcp_server` using `make -C tests/gnrc_tcp_server/ all-valgrind`
- `gnrc_tcp_server` using `make -C tests/gnrc_tcp_server/ term-valgrind`
- `echo f | nc <ip> <port>`
Expected output: Valgrind shouldn't report any out-of-bounds memory access.
Actual output: Valgrind reports an `Invalid read of size 2` during checksum comparison.
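The pointer-refresh pattern this PR describes, as an added example that is not code from RIOT or from the PR: a simplified, self-contained model of a malloc-backed packet buffer in which a mark-style split moves the header bytes, so the header pointer must be re-read from the returned snip before the 16-bit checksum read. The names `snip_t`, `toy_mark`, `recv_checksum` and `demo` are hypothetical, and the assumption that both halves land in fresh allocations is a property of this model only.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define TCP_HDR_LEN 20u  /* minimal TCP header length */
#define TCP_CSUM_OFF 16u /* offset of the 16-bit checksum field */
/* Toy snip (hypothetical; not RIOT's gnrc_pktsnip_t). */
typedef struct snip { struct snip *next; uint8_t *data; size_t size; } snip_t;

/* Toy mark: split the first n bytes of pkt into a new snip. Header and rest
 * land in fresh allocations and the old pkt->data is freed (model assumption). */
static snip_t *toy_mark(snip_t *pkt, size_t n) {
    if (pkt == NULL || n == 0 || n > pkt->size) return NULL;
    size_t rest = pkt->size - n;
    snip_t *res = malloc(sizeof(*res));
    uint8_t *head = malloc(n), *tail = malloc(rest ? rest : 1);
    if (!res || !head || !tail) { free(res); free(head); free(tail); return NULL; }
    memcpy(head, pkt->data, n);
    memcpy(tail, pkt->data + n, rest);
    free(pkt->data);                    /* pointers into the old buffer now dangle */
    pkt->data = tail; pkt->size = rest; pkt->next = res;
    res->next = NULL; res->data = head; res->size = n;
    return res;
}

/* Receive step: returns 0 and the checksum field, -1 on a short packet or a
 * failed mark. *moved reports whether the header bytes changed address. */
static int recv_checksum(snip_t *pkt, uint16_t *csum, int *moved) {
    if (pkt == NULL || pkt->size < TCP_HDR_LEN) return -1;
    const uint8_t *hdr = pkt->data;     /* valid only until the mark */
    uintptr_t before = (uintptr_t)hdr;  /* remember the address as an integer */
    snip_t *tcp = toy_mark(pkt, TCP_HDR_LEN);
    if (tcp == NULL) return -1;
    hdr = tcp->data;                    /* refresh: never reuse the pre-mark pointer */
    *moved = ((uintptr_t)hdr != before);
    *csum = (uint16_t)((hdr[TCP_CSUM_OFF] << 8) | hdr[TCP_CSUM_OFF + 1]);
    return 0;
}

/* Constructed sample: 20-byte header with checksum 0xBEEF plus one payload byte. */
static int demo(uint16_t *csum, int *moved) {
    snip_t pkt = { NULL, calloc(1, TCP_HDR_LEN + 1), TCP_HDR_LEN + 1 };
    if (pkt.data == NULL) return -1;
    pkt.data[TCP_CSUM_OFF] = 0xBE; pkt.data[TCP_CSUM_OFF + 1] = 0xEF;
    int rc = recv_checksum(&pkt, csum, moved);
    if (rc == 0) { free(pkt.next->data); free(pkt.next); }
    free(pkt.data);
    return rc;
}
int main(void) { uint16_t c; int m; return demo(&c, &m); }
```

Without the `hdr = tcp->data` line, the checksum read would go through freed memory, which is the kind of access Valgrind flags as an invalid read.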