Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix some CMP related msan failures #12275

Closed
wants to merge 4 commits into from
Closed

Fix some CMP related msan failures #12275

wants to merge 4 commits into from

Conversation

mattcaswell
Copy link
Member

The cmp_cli test is failing in some travis builds on master due to msan failures. There are two separate problems fixed by this PR:

  1. Ensure a string is properly terminated in http_client.c

In HTTP_new_bio(), if the host has a trailing '/' we took a copy of the hostname but failed to terminate it properly.

  1. If an empty password is supplied still try to use it

If an empty password was supplied we ignored it and were trying to use the fallback method to read the password instead (i.e. read from stdin). However if that failed (which it always does if the cmp option -batch is used) then we were reporting that we had successfully read the password without actually setting one.

Instead, if an empty password is explicitly provided we should use it. If no password is supplied explicitly and we have no fallback method then we assume the empty password.

[extended tests]

@mattcaswell
Ensure a string is properly terminated in http_client.c
27e325b 
In HTTP_new_bio(), if the host has a trailing '/' we took a copy of the
hostname but failed to terminate it properly.
@mattcaswell mattcaswell added the branch: master Merge to master branch label Jun 25, 2020
@mattcaswell
Copy link
Member Author

@DDvO

@mattcaswell
If an empty password is supplied still try to use it
18d3b31 
If an empty password was supplied we ignored it and were trying to use
the fallback method to read the password instead (i.e. read from stdin).
However if that failed (which it always does if the cmp option -batch is
used) then we were reporting that we had successfully read the password
without actually setting one.

Instead, if an empty password is explicitly provided we should use it. If
no password is supplied explicitly and we have no fallback method then we
assume the empty password.

[extended tests]
DDvO
DDvO approved these changes Jun 25, 2020
View reviewed changes
Copy link
Contributor

@DDvO DDvO left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fixes; LGTM.

I mentioned a couple of potential coding style enhancements, but these are optional and unrelated to the given fixes.

apps/lib/apps_ui.c Show resolved Hide resolved
apps/lib/apps_ui.c Show resolved Hide resolved
crypto/http/http_client.c Show resolved Hide resolved
@DDvO
Copy link
Contributor

DDvO commented Jun 26, 2020

Extended test still fail for the Travis CI build witth configuration
no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -Wno-unused-command-line-argument.

It turns out that this is (as in #12145) due to some CMP verification steps being omitted to allow for more aggressive fuzzing in case FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is enabled.
In such cases test_cmp_cli does not really make sense.

I had already tried disabling such tests in test/recipes/81-test_cmp_cli.t in #12175 as follows:

plan skip_all => "These tests are not supported in a fuzz build"
    if !disabled("fuzz-libfuzzer") || !disabled("fuzz-afl");

but this turns out to be insufficient here.

Can we somehow check using Perl in that script if the configuration has been done with
-D FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION?
The above condition !disabled("fuzz-libfuzzer") || !disabled("fuzz-afl") should be replaced by that new check.

@DDvO
Copy link
Contributor

DDvO commented Jun 29, 2020

This PR is currently blocked by the following question:

Can we somehow check using Perl in that script if the configuration has been done with
-D FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION?

@richsalz
Copy link
Contributor

Not sure the best way to do it, but this probably works:

use lib bldtop_dir('.');
import configdata;
if ( $config{options} =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/ ) {
 ...
}

@DDvO
Copy link
Contributor

DDvO commented Jun 29, 2020

Not sure the best way to do it, but this probably works:

use lib bldtop_dir('.');
import configdata;
if ( $config{options} =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/ ) {
 ...
}

Thanks @richsalz - the idea is good,
I just had to adapt this because bldtop_dir is not yet available when importing libs.

@mattcaswell, if you add to test/recipes/81-test_cmp_cli.t the import of bldtop_file and replace

plan skip_all => "These tests are not supported in a fuzz build"
    if !disabled("fuzz-libfuzzer") || !disabled("fuzz-afl");

by

open(CONFIG, bldtop_file("configdata.pm"));
plan skip_all => "These tests are not supported in a fuzz build"
    if (grep { /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/ } <CONFIG>);
close CONFIG;

the exclusion of fuzz-related builds should work fine.

@DDvO DDvO mentioned this pull request Jun 30, 2020
Closed
1 task
@mattcaswell
Copy link
Member Author

Updated with a new commit that should address the travis failures. I was able to tweak @richsalz's variant a bit more to get it to work.

@mattcaswell
Copy link
Member Author

I just realised I forgot to address @DDvO's style comments. Fix up pushed addressing those.

@DDvO
Copy link
Contributor

DDvO commented Jul 2, 2020

@mattcaswell, this is ready to merge. Shall I do?

@mattcaswell
Copy link
Member Author

@mattcaswell, this is ready to merge. Shall I do?

It's not been re-approved since the latest changes - so unfortunately not yet ready for merge.

DDvO
DDvO approved these changes Jul 2, 2020
View reviewed changes
Copy link
Contributor

@DDvO DDvO left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, overlooked the need for renewed approval.
Still LGTM.

@t8m
Copy link
Member

t8m commented Jul 2, 2020

Unfortunately it is not clear whether all the extended tests are fixed because the fixup commit makes them not to run.

@mattcaswell
Copy link
Member Author

Darn...I remembered to add "extended tests" to my earlier fixup - but not to the subsequent one. Will add shortly.

@t8m
Copy link
Member

t8m commented Jul 2, 2020

I've restarted the Travis build on the previous commit to find out as the fixup commit should not change anything in regards to tests.

@mattcaswell
Copy link
Member Author

I've restarted the Travis build on the previous commit to find out as the fixup commit should not change anything in regards to tests

Ah! Ok - perfect. Thanks.

@mattcaswell
Copy link
Member Author

I've restarted the Travis build on the previous commit to find out as the fixup commit should not change anything in regards to tests.

The Travis run passed.

@mattcaswell mattcaswell added the approval: done This pull request has the required number of approvals label Jul 3, 2020
openssl-machine pushed a commit that referenced this pull request Jul 3, 2020
@mattcaswell
Ensure a string is properly terminated in http_client.c
5a64071 
In HTTP_new_bio(), if the host has a trailing '/' we took a copy of the
hostname but failed to terminate it properly.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from #12275)
openssl-machine pushed a commit that referenced this pull request Jul 3, 2020
@mattcaswell
If an empty password is supplied still try to use it
ca3245a 
If an empty password was supplied we ignored it and were trying to use
the fallback method to read the password instead (i.e. read from stdin).
However if that failed (which it always does if the cmp option -batch is
used) then we were reporting that we had successfully read the password
without actually setting one.

Instead, if an empty password is explicitly provided we should use it. If
no password is supplied explicitly and we have no fallback method then we
assume the empty password.

[extended tests]

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from #12275)
openssl-machine pushed a commit that referenced this pull request Jul 3, 2020
@mattcaswell
Don't run the cmp_cli tests if using FUZZING_BUILD_MODE
5b39380 
[extended tests]

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from #12275)
@mattcaswell
Copy link
Member Author

Pushed. Thanks.

@mattcaswell mattcaswell closed this Jul 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DDvO DDvO DDvO approved these changes

@t8m t8m t8m approved these changes

Assignees
No one assigned
Labels
approval: done This pull request has the required number of approvals branch: master Merge to master branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mattcaswell @DDvO @richsalz @t8m