View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008819 | GNUnet | transport service | public | 2024-05-07 06:32 | 2024-06-08 12:03 |
| Reporter | ulfvonbelow | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | x86-64 | OS | Guix System | OS Version | a1d711c92e |
| Product Version | Git master | ||||
| Fixed in Version | 0.21.2 | ||||
| Summary | 0008819: contains_address in gnunet-service-transport incorrectly uses GNUNET_memcmp | ||||
| Description | GNUNET_memcmp is for comparing the bytes of two objects being pointed to. It has no understanding of any dynamic size. The size of a char is, unsurprisingly, sizeof(char). Consequently only the bytes of the characters pointed to (the first in each string) are compared. This is probably not what was intended. | ||||
| Steps To Reproduce | Thought experiment. | ||||
| Additional Information | Patch attached. | ||||
| Tags | No tags attached. | ||||
| Attached Files | 0001-TRANSPORT-fix-contains_address.patch (1,264 bytes)
From 97d4bf150046264ae8ae6f523e24d19860580346 Mon Sep 17 00:00:00 2001
From: ulfvonbelow <striness@tilde.club>
Date: Sun, 5 May 2024 23:45:29 -0500
Subject: [PATCH] TRANSPORT: fix contains_address.
GNUNET_memcmp takes two typed pointers and compares the bytes of the objects
pointed to, using the size of the type of the first argument. The first
argument here is of type char *, so it compares the character it points to to
the character the second argument points to. This is probably not what was
intended.
---
src/service/transport/gnunet-service-transport.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/service/transport/gnunet-service-transport.c b/src/service/transport/gnunet-service-transport.c
index 38371032e..06c33ad00 100644
--- a/src/service/transport/gnunet-service-transport.c
+++ b/src/service/transport/gnunet-service-transport.c
@@ -11683,7 +11683,8 @@ contains_address (void *cls,
struct TransportGlobalNattedAddress *tgna = value;
char *addr = (char *) &tgna[1];
- if (0 == GNUNET_memcmp (addr, tgna_cls->addr))
+ if (strlen(tgna_cls->addr) == tgna->address_length
+ && 0 == strncmp (addr, tgna_cls->addr, tgna->address_length))
{
tgna_cls->tgna = tgna;
return GNUNET_NO;
--
2.41.0
| ||||
|
|
On closer inspection, that tgna->address_length appears to be in network byte order. Updated patch attached. |
|
|
apparently if you click "Add Note" and the upload makes no progress, and then you click "Add Note" again, the post will be made without any attachments. |
|
|
... and then I forgot to add the attachment while complaining. |
|
|
... and did it again. It's just been that kind of night. 0001-TRANSPORT-fix-contains_address-2.patch (1,378 bytes)
From 582270f21559ed5e84b9755aa18f15fa3466bc84 Mon Sep 17 00:00:00 2001
From: ulfvonbelow <striness@tilde.club>
Date: Sun, 5 May 2024 23:45:29 -0500
Subject: [PATCH] TRANSPORT: fix contains_address.
GNUNET_memcmp takes two typed pointers and compares the bytes of the objects
pointed to, using the size of the type of the first argument. The first
argument here is of type char *, so it compares the character it points to to
the character the second argument points to. This is probably not what was
intended.
---
src/service/transport/gnunet-service-transport.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/service/transport/gnunet-service-transport.c b/src/service/transport/gnunet-service-transport.c
index 38371032e..e1748fa17 100644
--- a/src/service/transport/gnunet-service-transport.c
+++ b/src/service/transport/gnunet-service-transport.c
@@ -11682,8 +11682,10 @@ contains_address (void *cls,
struct TransportGlobalNattedAddressClosure *tgna_cls = cls;
struct TransportGlobalNattedAddress *tgna = value;
char *addr = (char *) &tgna[1];
+ size_t cls_tgna_length = strlen (tgna_cls->addr);
- if (0 == GNUNET_memcmp (addr, tgna_cls->addr))
+ if (cls_tgna_length == ntohl (tgna->address_length)
+ && 0 == strncmp (addr, tgna_cls->addr, cls_tgna_length))
{
tgna_cls->tgna = tgna;
return GNUNET_NO;
--
2.41.0
|
|
|
Applied |
|
|
0.21.2 released |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-05-07 06:32 | ulfvonbelow | New Issue | |
| 2024-05-07 06:32 | ulfvonbelow | File Added: 0001-TRANSPORT-fix-contains_address.patch | |
| 2024-05-07 07:08 | ulfvonbelow | Note Added: 0022363 | |
| 2024-05-07 07:09 | ulfvonbelow | Note Added: 0022364 | |
| 2024-05-07 07:09 | ulfvonbelow | Note Added: 0022365 | |
| 2024-05-07 07:11 | ulfvonbelow | Note Added: 0022366 | |
| 2024-05-07 07:11 | ulfvonbelow | File Added: 0001-TRANSPORT-fix-contains_address-2.patch | |
| 2024-05-13 10:36 | schanzen | Assigned To | => schanzen |
| 2024-05-13 10:36 | schanzen | Status | new => resolved |
| 2024-05-13 10:36 | schanzen | Resolution | open => fixed |
| 2024-05-13 10:36 | schanzen | Fixed in Version | => 0.21.2 |
| 2024-05-13 10:36 | schanzen | Note Added: 0022384 | |
| 2024-06-08 12:03 | schanzen | Note Added: 0022543 | |
| 2024-06-08 12:03 | schanzen | Status | resolved => closed |
