subject:"Re\: \[Openvpn\-devel\] \[PATCH\] cppcheck finding\: add \"ASSERT\( maxoutput > 0 \|\| separator \!= NULL \)\" to prevent possible null pointer derefence"

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

2016-09-18 Thread Jens Neuhalfen

> 
> Hello,
> 
> this defect was found by cppcheck, however cppcheck still complains.
> so, we did not make it happy yet.
> 
> I think, the best would be split this function into 2 separate functions
> (with either null argument) or leave it like that.

Unrelated to an actual fix, IMHO we should at least break up

out = alloc_buf_gc (maxoutput ? maxoutput :
((size * 2) + (size / (space_break_flags & 
FHE_SPACE_BREAK_MASK)) * (int) strlen (separator) + 2),
gc);

and create a variable with a semantic variable for the result of   "((size * 2) 
+ (size / (space_break_flags & FHE_SPACE_BREAK_MASK)) * (int) strlen 
(separator) + 2)”

Honestly the calculation looks very arcane and I would better understand it, if 
i knew what it means :-)

Jens--
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

2016-09-18 Thread Илья Шипицин

Hello,

this defect was found by cppcheck, however cppcheck still complains.
so, we did not make it happy yet.

I think, the best would be split this function into 2 separate functions
(with either null argument) or leave it like that.

2016-09-18 20:14 GMT+05:00 David Sommerseth <
open...@sf.lists.topphemmelig.net>:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 18/09/16 17:19, Ilya Shipitsin wrote:
> > --- src/openvpn/buffer.c | 6 -- 1 file changed, 4
> > insertions(+), 2 deletions(-)
> >
> > diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index
> > 52c6ab9..57bded9 100644 --- a/src/openvpn/buffer.c +++
> > b/src/openvpn/buffer.c @@ -438,10 +438,12 @@ format_hex_ex (const
> > uint8_t *data, int size, int maxoutput, unsigned int
> > space_break_flags, const char* separator, struct gc_arena *gc) { -
> > struct buffer out = alloc_buf_gc (maxoutput ? maxoutput : +  int i;
> > +  struct buffer out; +  ASSERT( maxoutput > 0 || separator != NULL
> > ); +  out = alloc_buf_gc (maxoutput ? maxoutput : ((size * 2) +
> > (size / (space_break_flags & FHE_SPACE_BREAK_MASK)) * (int) strlen
> > (separator) + 2), gc); -  int i; for (i = 0; i < size; ++i) { if
> > (separator && i && !(i % (space_break_flags &
> > FHE_SPACE_BREAK_MASK)))
> >
>
> This looks dangerous and somewhat wrong.  This can actually stop a
> server completely if the ASSERT() check fails.  I'm not sure we want
> to do that.
>
> The ASSERT() also expects maxoutput to be higher than 0, while the
> alloc_buf_gc() supports/allows maxoutput to be 0, which again confirms
> my bad feeling about this.  If maxoutput == 0, alloc_buf_gc() will
> actually allocate a reasonable buffer regardless.
>
> I do see that there might be an issue if separator == NULL
> (strlen(NULL) will segfault), so this needs to be checked far more
> carefully and compared against all the callers of format_hex_ex().
>
> The question which pops up in my head is: Is this patch purely
> targeted to silence a code analyser warning?  If so, this is most
> likely not the right fix for the OpenVPN code base.
>
>
> - --
> kind regards,
>
> David Sommerseth
> OpenVPN Technologies, Inc
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQIcBAEBAgAGBQJX3q9BAAoJEIbPlEyWcf3yGkwQAKKZbI2idz6a7h5ZkbQJCHMk
> JDNIpdR6XTFmG16jBrycYeew+9IRvfwpF4vh2/QPaRjDNLnKvPHP+9uEetqYmUQi
> rWzJyg3nzXSEUhFRSbdJcOK7zEWoiUUsSTiBKIYP6D5qD+QBQOZaQseCCzafrt5b
> IKrUesWMWPXAjQBYbUvcc801+JR5S/gSaSbk9TuO8Nemiry/GW/pSt0OVTggPdcm
> LiUyutQ8HXeXS9uAL32FLqFH3qq7QTHjxdVoKGGx9w/lmznqp+EaKCuANsWnt/PW
> ZTzVYM5YG5jI8XNM/wyCklu5n3yqJ37Noxd3ZRSD6ATTL/MExVgWINOOGA7f+Pj3
> P6g4ZSc//zaWUCRpUKg4O8h6jaO+0stDS5eKDpyUCHYRHRdMI4IGLuwzIzKmxWq9
> LpNGGY3Ikpf5IM+i2R04HctnNp+izEeW3vBCKnBBUHSyegRQGQ191Z5QC3SPk6VP
> HwxkHCZiOsie8WsP0Sl2dur1GjV9uyslVTkmt1GBVuoOGxpmZLJRJRayO70goZ17
> ToavpadDjt193g79j1/dpE7OCPcCitso/+egxVzDWPTtLj+7rS/gfdJBNdCHr7xK
> Pf8KKbpD7yEbEln0K7wzsjVG749qZe103KmrhZulvu3H5+SrbT5ALhroaYidhRpg
> lLcx4g4A+nZjM6kabBGy
> =QvxV
> -END PGP SIGNATURE-
>
--
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

2016-09-18 Thread Gert Doering

Hi,

On Sun, Sep 18, 2016 at 06:14:09PM +0300, David Sommerseth wrote:
> This looks dangerous and somewhat wrong.  This can actually stop a
> server completely if the ASSERT() check fails.  I'm not sure we want
> to do that.

This was discussed in a github PR, but I do not have the number right
now.

Basically, we *know* that we always call this like this, but if we should
ever call it differently, the alloc_buf_gc() call will lead to funnies
- thus, better ASSERT() in that case, so it's clear the calling contract
has been violated.

> I do see that there might be an issue if separator == NULL
> (strlen(NULL) will segfault), so this needs to be checked far more
> carefully and compared against all the callers of format_hex_ex().

See PR :)

(And yes, if things are discussed in a PR and patches get then sent
to the list months(!) later, it would be useful to actually mention the
PR in the commit message - "commit --amend" before sending)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
--
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

2016-09-18 Thread David Sommerseth

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 18/09/16 17:19, Ilya Shipitsin wrote:
> --- src/openvpn/buffer.c | 6 -- 1 file changed, 4 
> insertions(+), 2 deletions(-)
> 
> diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 
> 52c6ab9..57bded9 100644 --- a/src/openvpn/buffer.c +++ 
> b/src/openvpn/buffer.c @@ -438,10 +438,12 @@ format_hex_ex (const 
> uint8_t *data, int size, int maxoutput, unsigned int 
> space_break_flags, const char* separator, struct gc_arena *gc) { - 
> struct buffer out = alloc_buf_gc (maxoutput ? maxoutput : +  int i;
> +  struct buffer out; +  ASSERT( maxoutput > 0 || separator != NULL
> ); +  out = alloc_buf_gc (maxoutput ? maxoutput : ((size * 2) +
> (size / (space_break_flags & FHE_SPACE_BREAK_MASK)) * (int) strlen
> (separator) + 2), gc); -  int i; for (i = 0; i < size; ++i) { if
> (separator && i && !(i % (space_break_flags & 
> FHE_SPACE_BREAK_MASK)))
> 

This looks dangerous and somewhat wrong.  This can actually stop a
server completely if the ASSERT() check fails.  I'm not sure we want
to do that.

The ASSERT() also expects maxoutput to be higher than 0, while the
alloc_buf_gc() supports/allows maxoutput to be 0, which again confirms
my bad feeling about this.  If maxoutput == 0, alloc_buf_gc() will
actually allocate a reasonable buffer regardless.

I do see that there might be an issue if separator == NULL
(strlen(NULL) will segfault), so this needs to be checked far more
carefully and compared against all the callers of format_hex_ex().

The question which pops up in my head is: Is this patch purely
targeted to silence a code analyser warning?  If so, this is most
likely not the right fix for the OpenVPN code base.


- -- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJX3q9BAAoJEIbPlEyWcf3yGkwQAKKZbI2idz6a7h5ZkbQJCHMk
JDNIpdR6XTFmG16jBrycYeew+9IRvfwpF4vh2/QPaRjDNLnKvPHP+9uEetqYmUQi
rWzJyg3nzXSEUhFRSbdJcOK7zEWoiUUsSTiBKIYP6D5qD+QBQOZaQseCCzafrt5b
IKrUesWMWPXAjQBYbUvcc801+JR5S/gSaSbk9TuO8Nemiry/GW/pSt0OVTggPdcm
LiUyutQ8HXeXS9uAL32FLqFH3qq7QTHjxdVoKGGx9w/lmznqp+EaKCuANsWnt/PW
ZTzVYM5YG5jI8XNM/wyCklu5n3yqJ37Noxd3ZRSD6ATTL/MExVgWINOOGA7f+Pj3
P6g4ZSc//zaWUCRpUKg4O8h6jaO+0stDS5eKDpyUCHYRHRdMI4IGLuwzIzKmxWq9
LpNGGY3Ikpf5IM+i2R04HctnNp+izEeW3vBCKnBBUHSyegRQGQ191Z5QC3SPk6VP
HwxkHCZiOsie8WsP0Sl2dur1GjV9uyslVTkmt1GBVuoOGxpmZLJRJRayO70goZ17
ToavpadDjt193g79j1/dpE7OCPcCitso/+egxVzDWPTtLj+7rS/gfdJBNdCHr7xK
Pf8KKbpD7yEbEln0K7wzsjVG749qZe103KmrhZulvu3H5+SrbT5ALhroaYidhRpg
lLcx4g4A+nZjM6kabBGy
=QvxV
-END PGP SIGNATURE-

--
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

4 matches

Site Navigation

Mail list logo

Footer information