View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008820 | GNUnet | transport service | public | 2024-05-07 06:59 | 2024-06-08 12:03 |
| Reporter | ulfvonbelow | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | x86-64 | OS | Guix System | OS Version | a1d711c92e |
| Product Version | Git master | ||||
| Fixed in Version | 0.21.2 | ||||
| Summary | 0008820: Improper handling of natted address not being found in check_for_global_natted in gnunet-transport-service | ||||
| Description | If a matching address is found, contains_address will set tgna_cls.tgna and all will be fine. If one isn't, though, tgna_cls.tgna will be unaffected, and have whatever value it had before. tgna_cls is stack-allocated, so instead of this being NULL, it's undefined. The precise effect this will end up having therefore may not be the same on your machine, but on mine it caused the assertion GNUNET_assert (neighbour->size_of_global_addresses >= ntohl (tgna_cls.tgna->address_length)); to fail. Regardless of whether it's NULL or undefined, it shouldn't be dereferenced immediately afterward without some sort of check. Checking for tgna_cls.tgna->address_length == 0 is also probably the wrong way of testing whether a tgna was found. | ||||
| Steps To Reproduce | 1. Start transport service 2. ??? Maybe assertion failure? | ||||
| Additional Information | Patch attached. It is unclear to me whether tgna_cls.tgna->address_length is in host or network byte order. The GNUNET_log call uses tgna_cls.tgna->address_length without any translation, while elsewhere it is treated as if it is in network byte order. | ||||
| Tags | No tags attached. | ||||
| Attached Files | 0001-TRANSPORT-properly-handle-no-matching-natted-address.patch (2,355 bytes)
From c78b8f8567ae1ea288f66af557bccd2cf255ddab Mon Sep 17 00:00:00 2001
From: ulfvonbelow <striness@tilde.club>
Date: Sun, 5 May 2024 23:49:15 -0500
Subject: [PATCH] TRANSPORT: properly handle no matching natted address being
found.
---
.../transport/gnunet-service-transport.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/service/transport/gnunet-service-transport.c b/src/service/transport/gnunet-service-transport.c
index 06c33ad00..35877e244 100644
--- a/src/service/transport/gnunet-service-transport.c
+++ b/src/service/transport/gnunet-service-transport.c
@@ -11738,18 +11738,20 @@ check_for_global_natted (void *cls,
GNUNET_HELLO_builder_free (builder);
tgna_cls.addr = get_address_without_port (queue->address);
+ tgna_cls.tgna = NULL;
address_len_without_port = strlen (tgna_cls.addr);
GNUNET_CONTAINER_multipeermap_get_multiple (neighbour->natted_addresses,
&neighbour->pid,
&contains_address,
&tgna_cls);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- " tgna_cls.tgna tgna %p %u %u %u\n",
- tgna_cls.tgna,
- neighbour->size_of_global_addresses,
- tgna_cls.tgna->address_length,
- neighbour->number_of_addresses);
- if (0 == tgna_cls.tgna->address_length && GNUNET_YES == queue->is_global_natted)
+ if (NULL != tgna_cls.tgna)
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ " tgna_cls.tgna tgna %p %u %u %u\n",
+ tgna_cls.tgna,
+ neighbour->size_of_global_addresses,
+ tgna_cls.tgna->address_length,
+ neighbour->number_of_addresses);
+ if (NULL == tgna_cls.tgna && GNUNET_YES == queue->is_global_natted)
{
struct TransportGlobalNattedAddress *tgna;
@@ -11766,7 +11768,7 @@ check_for_global_natted (void *cls,
"Created tgna %p\n",
tgna);
}
- else if (0 != tgna_cls.tgna->address_length && GNUNET_NO == queue->is_global_natted)
+ else if (NULL != tgna_cls.tgna && GNUNET_NO == queue->is_global_natted)
{
GNUNET_CONTAINER_multipeermap_remove (neighbour->natted_addresses,
&neighbour->pid,
--
2.41.0
| ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-05-07 06:59 | ulfvonbelow | New Issue | |
| 2024-05-07 06:59 | ulfvonbelow | File Added: 0001-TRANSPORT-properly-handle-no-matching-natted-address.patch | |
| 2024-05-13 10:37 | schanzen | Assigned To | => t3sserakt |
| 2024-05-13 10:37 | schanzen | Status | new => assigned |
| 2024-05-14 10:30 | t3sserakt | Assigned To | t3sserakt => schanzen |
| 2024-05-14 10:30 | t3sserakt | Status | assigned => resolved |
| 2024-05-14 10:30 | t3sserakt | Resolution | open => fixed |
| 2024-05-14 17:21 | schanzen | Fixed in Version | => 0.21.2 |
| 2024-06-08 12:03 | schanzen | Note Added: 0022529 | |
| 2024-06-08 12:03 | schanzen | Status | resolved => closed |
