Invalid assumption of SocketAddrV{4,6} layout #1

Nemo157 · 2020-12-15T11:18:00Z

This code assumes that Rust's std::net::{SocketAddrV4, SocketAddrV6} are layout compatible with sockaddr:

Lines 61 to 84 in f706c11

    
           impl Addr { 
        
               /// Creates a raw socket address from `SocketAddr`. 
        
               fn new(addr: SocketAddr) -> Self { 
        
                   let (addr, len): (*const sockaddr, socklen_t) = match &addr { 
        
                       SocketAddr::V4(addr) => (addr as *const _ as *const _, mem::size_of_val(addr) as _), 
        
                       SocketAddr::V6(addr) => (addr as *const _ as *const _, mem::size_of_val(addr) as _), 
        
                   }; 
        
                   unsafe { Self::from_raw_parts(addr, len) } 
        
               } 
        
               /// Creates an `Addr` from its raw parts. 
        
               unsafe fn from_raw_parts(addr: *const sockaddr, len: socklen_t) -> Self { 
        
                   let mut storage = MaybeUninit::<sockaddr_storage>::uninit(); 
        
                   ptr::copy_nonoverlapping( 
        
                       addr as *const _ as *const u8, 
        
                       &mut storage as *mut _ as *mut u8, 
        
                       len as usize, 
        
                   ); 
        
                   Self { 
        
                       storage: storage.assume_init(), 
        
                       len, 
        
                   } 
        
               } 
        
           }

This is not guaranteed by the standard library, see rust-lang/rust#78802 for more details.

The text was updated successfully, but these errors were encountered:

faern · 2021-02-14T10:25:58Z

Awesome 🎉
Will there be a semver compatible patch release coming out? So people can get rid of the invalid memory assumption with a simple cargo update.

taiki-e · 2021-02-14T10:57:59Z

Published in 1.0.3 & yanked old versions.

faern · 2021-02-14T10:58:24Z

Thanks!

faern · 2021-02-14T11:13:54Z

I submitted a security advisory on the older versions. rustsec/advisory-db#765

Nemo157 mentioned this issue Dec 15, 2020

Implement network primitives with ideal Rust layout, not C system layout rust-lang/rust#78802

Merged

34 tasks

Keruspe mentioned this issue Jan 11, 2021

switch to socket2 #5

Merged

taiki-e closed this as completed in #5 Feb 14, 2021

faern mentioned this issue Feb 14, 2021

Add advisory on nb-connect SocketAddr casting rustsec/advisory-db#765

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid assumption of SocketAddrV{4,6} layout #1

Invalid assumption of SocketAddrV{4,6} layout #1

Nemo157 commented Dec 15, 2020

faern commented Feb 14, 2021

taiki-e commented Feb 14, 2021

faern commented Feb 14, 2021

faern commented Feb 14, 2021

Invalid assumption of SocketAddrV{4,6} layout #1

Invalid assumption of SocketAddrV{4,6} layout #1

Comments

Nemo157 commented Dec 15, 2020

faern commented Feb 14, 2021

taiki-e commented Feb 14, 2021

faern commented Feb 14, 2021

faern commented Feb 14, 2021