fix(mme): Null terminates string to stop buffer overflow #11925
Conversation
lgtm

@electronjoe, since you modified the PLMN_BYTES macro, can you update the changes made in https://github.com/magma/magma/pull/11891/files too?
Please update the usage of PLMN_BYTES in state_converter.cpp too.
Addresses one finding (more exist) of magma#11826.

Test Plan

Using prototype Bazel build with `--config=asan` validated ASAN finding is resolved.

Signed-off-by: Scott Moeller <electronjoe@gmail.com>
Thanks for the corrective advice Shruti! I've migrated all instances to zero-init (so that we get the null termination). Please take a look at the updated PR!
Tested locally
LGTM
Addresses one finding (more exist) of #11826.

Zero-initialized all instances of `plmn_array[PLMN_BYTES]` (so that they will be null terminated) and enlarged the array by one char to accommodate the null termination.

Fixes the finding:

```
[ RUN ] TestAMFStateConverter.TestUEm5gmmContextToProto
=================================================================
==15482==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee811fc86 at pc 0x7f3038dada6d bp 0x7ffee811faa0 sp 0x7ffee811f248
READ of size 7 at 0x7ffee811fc86 thread T0
    #0 0x7f3038dada6c (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c)
    #1 0x7f302e641e9b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x145e9b)
    #2 0x7f30383b85f6 in magma::lte::oai::Tai::set_mcc_mnc(char const*) bazel-out/k8-dbg/bin/lte/protos/oai/nas_state_cpp_proto_pb/lte/protos/oai/nas_state.pb.h:11239
```

## Test Plan

Using prototype Bazel build with `--config=asan` validated ASAN finding is resolved.

Signed-off-by: Scott Moeller <electrojoe@gmail.com>
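The defect the PR description reports, as an added example that is not code from the Magma repository or from this PR: a `char` array of exactly `PLMN_BYTES` digits is filled without a NUL terminator and then handed to a `const char*` setter that builds a `std::string`, so the constructor reads past the array (the "READ of size 7" on a 6-byte buffer in the ASAN report). The example assumes `PLMN_BYTES` is 6, uses a hypothetical `PlmnDigits` struct in place of Magma's own PLMN type, and a `TaiStub::set_mcc_mnc` stand-in for the generated protobuf setter; none of these are Magma's real definitions. It shows the pre-fix layout (checked for a terminator rather than executed, since the real call is the out-of-bounds read), the PR's fix (one extra byte plus zero-initialisation), and a length-bounded `std::string` construction as an alternative when the array size cannot change.

```cpp
// Added example, not code from the Magma repository: reproduces the shape of the
// bug described in this PR (a char array of exactly PLMN_BYTES digits, with no
// NUL terminator, handed to a const char* setter that builds a std::string) and
// shows the two layouts that make the conversion well-defined.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

// Assumption: PLMN_BYTES is the number of digit characters in a rendered
// MCC+MNC string (3 MCC digits + up to 3 MNC digits). The real macro lives in
// the Magma tree; the value here is only for illustration.
constexpr std::size_t PLMN_BYTES = 6;

// Assumption: six decoded PLMN digits; mnc3 == 0xF marks a two-digit MNC, the
// usual BCD filler convention. A stand-in for Magma's PLMN type, not its layout.
struct PlmnDigits {
  std::uint8_t mcc1, mcc2, mcc3, mnc1, mnc2, mnc3;
};

// Assumption: stand-in for a generated protobuf setter such as
// Tai::set_mcc_mnc(const char*). Like the generated code, it constructs a
// std::string from the pointer, so it relies entirely on the caller's buffer
// being NUL-terminated.
struct TaiStub {
  std::string mcc_mnc;
  void set_mcc_mnc(const char* value) { mcc_mnc = std::string(value); }
};

// Renders the digits into buf and returns how many characters were written.
// It uses at most PLMN_BYTES slots and writes no terminator, which is the
// pattern the PR replaces: termination depends on what the caller allocated.
std::size_t render_plmn(const PlmnDigits& p, char* buf) {
  const std::uint8_t digits[PLMN_BYTES] = {p.mcc1, p.mcc2, p.mcc3,
                                           p.mnc1, p.mnc2, p.mnc3};
  std::size_t n = 0;
  for (std::uint8_t d : digits) {
    if (d == 0xF) continue;  // two-digit MNC: skip the filler nibble
    buf[n++] = static_cast<char>('0' + d);
  }
  return n;
}

// Pre-fix layout: exactly PLMN_BYTES chars, uninitialised. The 0xAA fill stands
// in for whatever the stack happened to contain. Calling set_mcc_mnc here would
// be the out-of-bounds read ASAN reported, so instead we report whether a
// terminator exists anywhere inside the array. For a 6-digit PLMN every slot is
// a digit; for a 5-digit PLMN the spare slot still holds garbage.
bool prefix_layout_is_terminated(const PlmnDigits& p) {
  char plmn_array[PLMN_BYTES];
  std::memset(plmn_array, 0xAA, sizeof plmn_array);
  render_plmn(p, plmn_array);
  return std::memchr(plmn_array, '\0', sizeof plmn_array) != nullptr;
}

// Post-fix layout (what the PR does): one extra byte and zero-initialisation,
// so a terminator is always present after at most PLMN_BYTES digits and the
// const char* setter stops where it should.
std::string postfix_layout_to_string(const PlmnDigits& p) {
  char plmn_array[PLMN_BYTES + 1] = {};
  render_plmn(p, plmn_array);
  TaiStub tai;
  tai.set_mcc_mnc(plmn_array);
  return tai.mcc_mnc;
}

// Alternative when the array size cannot change: keep the exact-size buffer
// but never hand out a bare pointer; pass the length to std::string instead.
std::string bounded_to_string(const PlmnDigits& p) {
  char plmn_array[PLMN_BYTES];
  const std::size_t n = render_plmn(p, plmn_array);
  return std::string(plmn_array, n);
}

int main() {
  // Constructed inputs: test-network PLMN 001/001 and the two-digit-MNC 001/01.
  const PlmnDigits six{0, 0, 1, 0, 0, 1};
  const PlmnDigits five{0, 0, 1, 0, 1, 0xF};
  std::cout << std::boolalpha
            << "pre-fix terminated (6 digits): " << prefix_layout_is_terminated(six) << '\n'
            << "pre-fix terminated (5 digits): " << prefix_layout_is_terminated(five) << '\n'
            << "post-fix string (6 digits):    " << postfix_layout_to_string(six) << '\n'
            << "post-fix string (5 digits):    " << postfix_layout_to_string(five) << '\n'
            << "length-bounded string:         " << bounded_to_string(six) << '\n';
  return 0;
}
```

Without a sanitizer the pre-fix read does not crash: `std::string(const char*)` keeps copying until it happens to meet a zero byte, so the stored MCC/MNC is silently wrong and the fault only becomes visible under `--config=asan`, which is why the PR's test plan relies on that build. Zero-initialising `PLMN_BYTES + 1` bytes makes the terminator a property of the layout rather than of the surrounding stack contents; the length-bounded constructor removes the dependency on a terminator altogether.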