Add check that string read is not more than max length

[amgross]

Pull request

Choose Correct

• bug
• feature

Describe the pull request

Add fix to #326 , when passing string with max length set, ensure the real length not exceeds max length
To Reproduce

Run erpcgen on:
example.erpc.txt

Expected behavior

Screenshots

Desktop (please complete the following information):

• OS: Windows
• eRPC Version:1.9.1

Steps you didn't forgot to do

• I checked if other PR isn't solving this issue.
• I read Contribution details and did appropriate actions.
• PR code is tested.
• PR code is formatted.
• Allow edits from maintainers pull request option is set (recommended).

Additional context

I made just partially fix, need help for continue. What missing:

1. {% if info.stringAllocSize != info.stringLocalName + "_len" %} is not working, don't know how to make it working
2. Don't know how to fix client side

[amgross]

@Hadatko as you can see, the compilation failed due to point 1 I mentioned in Additional context, can you help me and fix my commit? I don't know how to do it

[amgross]

BTW, the fix is based on the decodeBinaryType template

[Hadatko]

Ok thank you. I will take a look into this.

[amgross]

I added fix to client side, and added the checks also in the read/write binary (was exist just in server write binary).
In my view need just to see how to fix the {% if info.stringAllocSize != info.stringLocalName + "_len" %}

[amgross]

Hi @Hadatko ,
The fix is fully ready for code review.
The failures in the tests are: FAILED to find pattern 'codec\->writeString\(strlen\(\(const\s*char\*\)data\->a\),\s*\(const\s*char\*\)data\->a\)
Because I changed the strlen to be outside the writeString so I can reuse the return value to compare it against the max value.

[Hadatko]

Can you fix the test too? Remove line, add line.

[amgross]

@Hadatko can you point me in which tests the YML failed?

[amgross]

@Hadatko I done (hopefully)

[amgross]

@Hadatko @MichalPrincNXP can you prioritize this PR to version 1.10.0?
It suppose to prevent buffer overflow that the client may cause on the server (and maybe also vise versa)

[Hadatko]

@amgross I put note here. Likely we do not manage to get it into 1.10.0 but into 1.11.0 it shouldn't be an issue. On develop branch it will be present once @MichalPrincNXP will have time, but we need to make decision on note i added.

[amgross]

but we need to make decision on note i added

@Hadatko what is the note you are referring to?

[Hadatko]

[amgross]

@Hadatko You probably didn't submitted your review, see at: github documentation that "Before you submit your review, your line comments are pending and only visible to you".

[amgross]

About the asserts:
two reasons why I don't want assert in this case:

1. Asserts are used for debug generally, in lots of systems asserts compiles out in operational mode, so because this flow may happen (and may even be attack of the client on the server) I think it shouldn't be assert.
2. Asserts (in most systems) causes system halt/reset, so there shouldn't be flow that is not unknown bug where assert is used.

So when we should use assert:

1. in cases that we can't think on flow it should happen and if they happen it means we have bug in current core.

Good example for it is the assert that currently exist, if erpc allocated the memory buffer and afterward got bigger length from the function that used this pointer, probably this function smashed the heap and have a bug so we should halt/reset the system.

[Hadatko]

From my point of view asserts are good to replace conditions in release target (if you would write if condition it is present in DEBUG and in RELEASE target. Using assert is only in DEBUG target and halts system).
Reason to set assert for write cases is that you as an owner are trying to writting value which can be out of range.
Reason to use updateStatus+condition for read cases is that you can receive wrong data from communication channel.

[Hadatko]

@amgross Just few minor changes and it is ready for merge.

[amgross]

@Hadatko , I think I did now what you asked

[amgross]

@MichalPrincNXP any comments?
@Hadatko finished reviewing.

[Hadatko]

@amgross i think @MichalPrincNXP will be available in beginning of new year. This is not critical bug so it will be likely added to next release as current one is in feature freeze state.

[amgross]

OK, I will wait,
In my point of view it is critical issue because the bug here may lead to buffer overflow which one attacker side can cause the other, but I understand it is not yours point of view.

[Hadatko]

@amgross Thank you for your patience

[MichalPrincNXP]

Thank you, @amgross , @Hadatko for the effort and the patience!