-
Notifications
You must be signed in to change notification settings - Fork 304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HPCC-32939 Coverity jsocket accept socklen issue #19267
Conversation
Signed-off-by: M Kelly <[email protected]>
Jira Issue: https://hpccsystems.atlassian.net//browse/HPCC-32939 Jirabot Action Result: |
@@ -1244,7 +1244,7 @@ ISocket* CSocket::accept(bool allowcancel, SocketEndpoint *peerEp) | |||
} | |||
|
|||
DEFINE_SOCKADDR(peerSockAddr); // used if peerIp | |||
socklen_t peerSockAddrLen = sizeof(peerSockAddr); | |||
socklen_t peerSockAddrLen = sizeof(peerSockAddr.sa); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if peerSockAddrLen used below in getSockAddrEndpoint() is also helped with this change ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would have been correct before either way, and accept() populates the addrLen with the actual size filled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mckellyln - looks good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mckellyln I don't really understand the logc of the code (see comment). There are also other places that seem to have the same problem.
@@ -1244,7 +1244,7 @@ ISocket* CSocket::accept(bool allowcancel, SocketEndpoint *peerEp) | |||
} | |||
|
|||
DEFINE_SOCKADDR(peerSockAddr); // used if peerIp | |||
socklen_t peerSockAddrLen = sizeof(peerSockAddr); | |||
socklen_t peerSockAddrLen = sizeof(peerSockAddr.sa); | |||
|
|||
T_SOCKET newsock; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mckellyln I don't understand this code. The logic seems to be:
i) declare a union struct
ii) pass in the first member of the union
then call
getSockAddrEndpoint(peerSockAddr, peerSockAddrLen, *peerEp);
which either accesses the second or third elements of the union. That includes extracting the port - which as far as I can tell has not been initialised.....
There are also 3 other places in the same file that call getSockAddrEndpoint() with similar patterns/problems.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
peerSockAddr is set in in the ::accept() call and should include the port.
In the other places u and ul should be set by the getpeername() or recvfrom() etc. calls.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be inclined to use ul = sizeof(u.sin) in these places as that is probably more typical.
The internal struct is like:
using sockaddr_t = union {
sockaddr_storage ss;
sockaddr_in6 sin6;
sockaddr_in sin;
sockaddr sa;
};
After some discussion we have decided to reject this issue and PR as invalid because there really is no memory overrun. |
Type of change:
Checklist:
Smoketest:
Testing: