Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix crash on ListPathRequest with malformed prefix #2682

Merged
merged 1 commit into from
Sep 8, 2023
Merged

Fix crash on ListPathRequest with malformed prefix #2682

merged 1 commit into from
Sep 8, 2023

Conversation

rodrigopv
Copy link
Contributor

@rodrigopv rodrigopv commented Aug 4, 2023
edited
Loading

When ListPathRequest is done by a gRPC client including a malformed prefix,
the server would crash with an invalid memory address reference.

This commit fixes the crash by checking whether the parseCIDR method returned an error.

@rodrigopv
Copy link
Contributor Author

rodrigopv commented Aug 5, 2023
edited
Loading

Added tests to cover the cases I found + other inputs that can make it to this method through gRPC (arbitrary text). Also fixed an error in my first approach 🚀

@rodrigopv
Copy link
Contributor Author

Just as a note, same as my other PR, tests are passing when I run them locally, so unless there's a style change request this should be good to merge.

Thanks!

fujita
fujita reviewed Sep 6, 2023
View reviewed changes
pkg/packet/bgp/bgp.go
return NewIPAddrPrefix(0, "")
}
return NewIPv6AddrPrefix(0, "")
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just return an error?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was going for a conservative approach as the current version was doing prefix = NewIPAddrPrefix(0, "") on certain code paths (but maybe for different reasons). Can't remember whether I tried throwing an error on this one though.

I'll try an approach that throws an error instead when an invalid CIDR and I'll post updates here 👌

@rodrigopv
Copy link
Contributor Author

rodrigopv commented Sep 7, 2023
edited
Loading

Ok now it passes all the tests, yet it is crashing again when a malformed prefix is passed because of a nil pointer somewhere else:

[signal SIGSEGV: segmentation violation code=0x1 addr=0x70 pc=0x1733c4b]

goroutine 43 [running]:
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).tableKey(0x20?, {0x0?, 0x0?})
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:407 +0x48b
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).GetDestination(...)
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:206
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).Select.func1({0xc00003a0d8?, 0xc000012048?})
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:477 +0xac
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).Select(0xc0001c3c80, {0xc0000b8e10, 0x1, 0x27b5d28?})
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:525 +0x1296
github.com/osrg/gobgp/v3/pkg/server.(*BgpServer).getRib.func1()
	/Users/rodrigo.pena/gobgp/pkg/server/server.go:2542 +0x1cd
github.com/osrg/gobgp/v3/pkg/server.(*BgpServer).handleMGMTOp(0x17f9be0?, 0xc000010108)
	/Users/rodrigo.pena/gobgp/pkg/server/server.go:273 +0x89
github.com/osrg/gobgp/v3/pkg/server.(*BgpServer).Serve(0xc0002dc000)
	/Users/rodrigo.pena/gobgp/pkg/server/server.go:460 +0x5eb
created by main.main
	/Users/rodrigo.pena/gobgp/cmd/gobgpd/main.go:199 +0x145c
exit status 2

I'll dig deeper and propose an approach to handle this malformed input gracefully

@fujita
Copy link
Member

fujita commented Sep 7, 2023

Ok now it passes all the tests, yet it is crashing again when a malformed prefix is passed because of a nil pointer somewhere else:

[signal SIGSEGV: segmentation violation code=0x1 addr=0x70 pc=0x1733c4b]

goroutine 43 [running]:
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).tableKey(0x20?, {0x0?, 0x0?})
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:407 +0x48b
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).GetDestination(...)
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:206
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).Select.func1({0xc00003a0d8?, 0xc000012048?})
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:477 +0xac
github.com/osrg/gobgp/v3/internal/pkg/table.(*Table).Select(0xc0001c3c80, {0xc0000b8e10, 0x1, 0x27b5d28?})
	/Users/rodrigo.pena/gobgp/internal/pkg/table/table.go:525 +0x1296
github.com/osrg/gobgp/v3/pkg/server.(*BgpServer).getRib.func1()
	/Users/rodrigo.pena/gobgp/pkg/server/server.go:2542 +0x1cd
github.com/osrg/gobgp/v3/pkg/server.(*BgpServer).handleMGMTOp(0x17f9be0?, 0xc000010108)
	/Users/rodrigo.pena/gobgp/pkg/server/server.go:273 +0x89
github.com/osrg/gobgp/v3/pkg/server.(*BgpServer).Serve(0xc0002dc000)
	/Users/rodrigo.pena/gobgp/pkg/server/server.go:460 +0x5eb
created by main.main
	/Users/rodrigo.pena/gobgp/cmd/gobgpd/main.go:199 +0x145c
exit status 2

I'll dig deeper and propose an approach to handle this malformed input gracefully

Unit test failed? If so, needs to fix the unit test to handle an error properly.

@rodrigopv
Fix crash on ListPathRequest with malformed prefix
b6be999 
When ListPathRequest is done by a gRPC client including a malformed prefix,
 the server would crash an invalid memory address reference.

This commit fixes the crash by checking whether the parseCIDR method returned
an error.
@rodrigopv
Copy link
Contributor Author

Now I implemented error handling on Table.Select() and add an additional unit test resembling the crash I posted in the last comment.

CI passes now, although we have the random race fail in ci/unit, but after retrying, it should be good 🤟.

Also, I did end-to-end testing by passing malformed prefixes via gRPC and gobgpd no longer crashes

@fujita fujita merged commit b6be999 into osrg:master Sep 8, 2023
39 checks passed
@fujita
Copy link
Member

fujita commented Sep 8, 2023

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fujita fujita fujita left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rodrigopv @fujita