Guard against bad allocation calling rcl_arguments_copy() #367

Merged
merged 4 commits into from Jan 4, 2019

jacobperron commented Dec 22, 2018

Closes #362

If the implementation of malloc(0) returns NULL then rcl_arguments_copy() will return RCL_BAD_ALLOC when the input has args->impl->num_unparsed_args == 0 or args->impl->num_remap_rules == 0.


This raises another concern.
It doesn't appear that we have test cases for when malloc(0) returns NULL (which is a valid implementation). Perhaps we should have a CI job that overrides the default allocate function in rcutils to uncover other bugs similar in nature to this one.
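As an added illustration (not code from this PR or from rcl), a minimal model of the bug and the fix described above: the allocator hook, return codes and struct are hypothetical stand-ins, and the test allocator returns NULL for zero-byte requests as the description suggests.

```c
#include <stddef.h>
#include <stdlib.h>
/* Hypothetical stand-ins for rcl's allocator hook and return codes (not rcl's real API). */
typedef void *(*alloc_fn)(size_t size);
enum { RET_OK = 0, RET_BAD_ALLOC = 10 };
typedef struct { char **unparsed_args; int num_unparsed_args; } args_t;
typedef int (*copy_fn)(const args_t *, args_t *, alloc_fn);

/* Test allocator in the spirit of the PR's suggestion: a zero-byte request
 * returns NULL, which is a valid malloc(0) behaviour the code must tolerate. */
static void *null_on_zero_alloc(size_t size) {
  return size == 0 ? NULL : malloc(size);
}

/* 'Before': allocates unconditionally, so an empty argument set is misreported
 * as RET_BAD_ALLOC under the allocator above even though nothing failed. */
int copy_args_buggy(const args_t *src, args_t *dst, alloc_fn alloc) {
  dst->num_unparsed_args = 0;
  dst->unparsed_args = alloc(sizeof(char *) * (size_t)src->num_unparsed_args);
  if (NULL == dst->unparsed_args) return RET_BAD_ALLOC;
  for (int i = 0; i < src->num_unparsed_args; ++i) dst->unparsed_args[i] = src->unparsed_args[i];
  dst->num_unparsed_args = src->num_unparsed_args;
  return RET_OK;
}

/* 'After': allocate only when there is something to copy; the pointer stays NULL
 * otherwise, so a cleanup after failure never frees an indeterminate pointer. */
int copy_args_fixed(const args_t *src, args_t *dst, alloc_fn alloc) {
  dst->unparsed_args = NULL;
  dst->num_unparsed_args = 0;
  if (src->num_unparsed_args > 0) {
    dst->unparsed_args = alloc(sizeof(char *) * (size_t)src->num_unparsed_args);
    if (NULL == dst->unparsed_args) return RET_BAD_ALLOC;
    for (int i = 0; i < src->num_unparsed_args; ++i) dst->unparsed_args[i] = src->unparsed_args[i];
  }
  dst->num_unparsed_args = src->num_unparsed_args;
  return RET_OK;
}

/* Cleanup that is safe after a failed copy because free(NULL) is a no-op. */
void args_fini(args_t *a) { free(a->unparsed_args); a->unparsed_args = NULL; a->num_unparsed_args = 0; }

/* Run one copy routine on an argument set of the given size (0..3) under the test
 * allocator and return its result code; this mirrors the regression test the PR adds. */
int run_copy(copy_fn copy, int num_args) {
  char *strings[] = { "--ros-args", "-r", "foo:=bar" };  /* constructed sample input */
  args_t src = { strings, num_args }, out;
  int ret = copy(&src, &out, null_on_zero_alloc);
  args_fini(&out);
  return ret;
}
```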

sloretz approved these changes Jan 3, 2019


sloretz approved these changes Jan 3, 2019

@jacobperron jacobperron merged commit 65bf34b into master Jan 4, 2019

@jacobperron jacobperron deleted the fix_362 branch Jan 4, 2019

@jacobperron jacobperron removed the in review label Jan 4, 2019

AAlon added a commit to AAlon/rcl that referenced this pull request Jan 8, 2019

make pr ready for ros2cli security feature (#1)
* update docs about possibility of rcl_take not taking (ros2#356)

* update rcl_wait doc with respect to subs and possibility of failing takes

* add a note about possible failing takes in rcl_take docs

* 0.6.2

* Set rmw_wait timeout using ros timers too (ros2#357)

* 0.6.3

* Avoid timer period being set to 0 (ros2#359)

* Fix logic that moves goal handles when one expires (ros2#360)

* Fix error from uncrustify v0.68 (ros2#364)

* Ensure that context instance id storage is aligned correctly (ros2#365)

* Ensure that context instance id storage is aligned correctly

* Make alignment compatible with MSVC

* Namespace alignment macro with RCL_

* [rcl] Guard against bad allocation calling rcl_arguments_copy() (ros2#367)

* [rcl] Add test for copying arguments struct with no arguments

* Override allocate function in test to reveal bug

* [rcl] Only allocate arrays if there are things to copy in rcl_argument_copy()

Also guard against freeing invalid pointers if rcl_argument_copy() fails.

* Remove unnecessary guard against NULL pointer

* linter, styles, uncrustify fixes

AAlon added a commit to AAlon/rcl that referenced this pull request Jan 11, 2019

make pr ready for ros2cli security feature (#1)

emersonknapp added a commit to emersonknapp/rcl that referenced this pull request Feb 13, 2019

make pr ready for ros2cli security feature (ros2#1)

emersonknapp added a commit to emersonknapp/rcl that referenced this pull request Feb 13, 2019

make pr ready for ros2cli security feature (ros2#1)

emersonknapp added a commit to AAlon/rcl that referenced this pull request Feb 13, 2019

make pr ready for ros2cli security feature (#1)

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

jacobperron added a commit that referenced this pull request Feb 21, 2019

Security directory lookup improvements (#332)
* Changing security directory lookup to a prefix match rather than exact match.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Changing security directory lookup to a prefix match rather than exact match.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Changing security directory lookup to a prefix match rather than exact match.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Changing security directory lookup to a prefix match rather than exact match.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Changing security directory prefix matching to be optional. Improving error messages around security directory lookup.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Fixing get_best_matching_directory so that it always fetches the next file inside the loop.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* make pr ready for ros2cli security feature (#1)

* update docs about possibility of rcl_take not taking (#356)

* update rcl_wait doc with respect to subs and possibility of failing takes

* add a note about possible failing takes in rcl_take docs

* 0.6.2

* Set rmw_wait timeout using ros timers too (#357)

* 0.6.3

* Avoid timer period being set to 0 (#359)

* Fix logic that moves goal handles when one expires (#360)

* Fix error from uncrustify v0.68 (#364)

* Ensure that context instance id storage is aligned correctly (#365)

* Ensure that context instance id storage is aligned correctly

* Make alignment compatible with MSVC

* Namespace alignment macro with RCL_

* [rcl] Guard against bad allocation calling rcl_arguments_copy() (#367)

* [rcl] Add test for copying arguments struct with no arguments

* Override allocate function in test to reveal bug

* [rcl] Only allocate arrays if there are things to copy in rcl_argument_copy()

Also guard against freeing invalid pointers if rcl_argument_copy() fails.

* Remove unnecessary guard against NULL pointer

* linter, styles, uncrustify fixes

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Update rcl/include/rcl/security_directory.h

Co-Authored-By: AAlon <avishayalon@gmail.com>
Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Adding line break in docstring

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Removing duplicate doc string

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Removing tinydir from the source tree, instead using the ROS package tinydir_vendor.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Removing tinydir

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Reformatting license notice as per linter template.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Update test_security_directory.cpp

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Changing input to putenv to be a global, statically allocated buffer.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* test_security_directory - Using a larger buffer for env string manipulations.

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Copy environment variable to allocated string so it is not clobbered by next lookup

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Address review comments

fix security directory exact match comment and unset env vars before tests

Signed-off-by: Emerson Knapp <eknapp@amazon.com>

* Remove strncpy

Signed-off-by: Emerson Knapp <eknapp@amazon.com>