From patchwork Thu Feb 29 17:07:30 2024
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13577449
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 1/5] auto-t: end process_io on HUP signal, detect process crash
Date: Thu, 29 Feb 2024 09:07:30 -0800
Message-Id: <20240229170734.1498918-1-prestwoj@gmail.com>

When HUP is received the IO read callback was never completing which caused it to block indefinitely until waited for. This didn't matter for most transient processes but for IWD, hostapd, wpa_supplicant it would cause test-runner to hang if the process crashed.

Detecting a crash is somewhat hacky because we have no process management like systemd and the return code isn't reliable as some processes return non-zero under normal circumstances. So to detect a crash the process output is being checked for the string: "++++++++ backtrace ++++++++". This isn't 100% reliable obviously since it's dependent on how the binary is compiled, but even if the crash itself isn't detected any test should still fail if written correctly.

Doing this allows auto-tests to handle IWD crashes gracefully by failing the test, printing the exception (even without debugging) and continuing with other tests.
--- tools/utils.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/utils.py b/tools/utils.py index 5984fc69..d5445ea7 100644 --- a/tools/utils.py +++ b/tools/utils.py
@@ -175,23 +175,27 @@ class Process(subprocess.Popen): def process_io(self, source, condition): if condition & GLib.IO_HUP: self.hup = True + self.wait() + bt = self.out.partition("++++++++ backtrace ++++++++") + if bt[1]: + raise Exception(f"Process {self.args[0]} crashed!\n{bt[1] + bt[2]}") data = source.read() if not data: - return True + return not self.hup try: data = data.decode('utf-8') except: - return True + return not self.hup # Save data away in case the caller needs it (e.g. list_sta) self.out += data self._write_io(self, data) - return True + return not self.hup def _append_outfile(self, file, append=True): gid = int(os.environ.get('SUDO_GID', os.getgid()))
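
Review bot: In process_io() in tools/utils.py, the backtrace check at the top of the IO_HUP branch runs on self.out before the source.read() further down has appended the final chunk, so a backtrace that is still sitting in the pipe when HUP arrives is never seen and the crash goes unreported. Consider doing the read and the "self.out += data" first and running the partition() check just before returning "not self.hup". Also, self.wait() is called here without a timeout: HUP only says the write end of the pipe was closed, so a child that closed its output but is still running would block the callback.
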

From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood, Alex Radocea
Subject: [PATCH 2/5] auto-t: Add frame fuzzing test
Date: Thu, 29 Feb 2024 09:07:31 -0800
Message-Id: <20240229170734.1498918-2-prestwoj@gmail.com>
In-Reply-To: <20240229170734.1498918-1-prestwoj@gmail.com>
References: <20240229170734.1498918-1-prestwoj@gmail.com>

Add a test to validate a crash found by Alex Radocea when sending a fuzzed beacon frame.

Co-authored-by: Alex Radocea
--- autotests/testFrameFuzzing/fake_ap.py | 72 +++++++++++++++++++ autotests/testFrameFuzzing/hw.conf | 7 ++ .../testFrameFuzzing/test_frame_fuzzing.py | 37 ++++++++++ 3 files changed, 116 insertions(+) create mode 100644 autotests/testFrameFuzzing/fake_ap.py create mode 100644 autotests/testFrameFuzzing/hw.conf create mode 100644 autotests/testFrameFuzzing/test_frame_fuzzing.py diff --git a/autotests/testFrameFuzzing/fake_ap.py b/autotests/testFrameFuzzing/fake_ap.py new file mode 100644 index 00000000..8ee369de --- /dev/null +++ b/autotests/testFrameFuzzing/fake_ap.py
@@ -0,0 +1,72 @@ +import unittest +import sys +import sys +import os +from scapy.layers.dot11 import * +from scapy.arch import str2mac, get_if_raw_hwaddr +from time import time, sleep +from threading import Thread + +def if_hwaddr(iff): + return str2mac(get_if_raw_hwaddr(iff)[1]) + +def config_mon(iface, channel): + """set the interface in monitor mode and then change channel using iw""" + os.system("ip link set dev %s down" % iface) + os.system("iw dev %s set type monitor" % iface) + os.system("ip link set dev %s up" % iface) + os.system("iw dev %s set channel %d" % (iface, channel)) + +class AP: + def __init__(self, ssid, psk, mac=None, mode="stdio", iface="wlan0", channel=1): + self.channel = channel + self.iface = iface + self.mode = mode + if self.mode == "iface": + if not mac: + mac = if_hwaddr(iface) + config_mon(iface, channel) + if not mac: + raise Exception("Need a mac") + else: + self.mac = mac + self.boottime = time() + + def get_radiotap_header(self): + return RadioTap() + + def dot11_beacon(self, contents): + evil_packet = ( + self.get_radiotap_header() + / Dot11( + subtype=8, addr1="ff:ff:ff:ff:ff:ff", addr2=self.mac, addr3=self.mac + ) + / Dot11Beacon(cap=0x3101) + / contents + ) + self.sendp(evil_packet) + + def run(self, contents): + interval = 0.05 + num_beacons = 100 + + while num_beacons: + self.dot11_beacon(contents) + sleep(interval) + num_beacons -= 1 + + def start(self, contents): + self.thread = Thread(target=self.run, args=(contents,)) + self.thread.start() + + def stop(self): + self.thread.join() + + def sendp(self, packet, verbose=False): + if self.mode == "stdio": + x = packet.build() + sys.stdout.buffer.write(struct.pack("
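
Review bot: config_mon() in autotests/testFrameFuzzing/fake_ap.py builds its ip/iw commands with % formatting and runs them through os.system() without looking at the exit status, so a failure to switch the interface to monitor mode or to set the channel goes unnoticed by the test. subprocess.run([...], check=True) with an argument list would surface the failure and keep iface out of a shell command line. Smaller points in the same hunk: "import sys" appears twice, unittest is imported but not used in the visible lines, struct is used in sendp() without an explicit import, and the ssid and psk arguments of AP.__init__() are not used in the visible part.
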

From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood, Alex Radocea
Subject: [PATCH 3/5] p2putil: fix crash/remove side effect parsing adv service info
Date: Thu, 29 Feb 2024 09:07:32 -0800
Message-Id: <20240229170734.1498918-3-prestwoj@gmail.com>
In-Reply-To: <20240229170734.1498918-1-prestwoj@gmail.com>
References: <20240229170734.1498918-1-prestwoj@gmail.com>

The input queue pointer was being initialized unconditionally so if parsing fails the out pointer is still set after the queue is destroyed. This causes a crash during cleanup. Instead use a temporary pointer while parsing and only after parsing has finished do we set the out pointer.

Reported-By: Alex Radocea
--- src/p2putil.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/p2putil.c b/src/p2putil.c index 5313b34c..faf151a5 100644 --- a/src/p2putil.c +++ b/src/p2putil.c @@ -541,7 +541,8 @@ static void p2p_clear_advertised_service_descriptor(void *data) static bool extract_p2p_advertised_service_info(const uint8_t *attr, size_t len, void *data) { - struct l_queue **out = data; + struct l_queue **q = data; + struct l_queue *out = NULL; while (len) { struct p2p_advertised_service_descriptor *desc; @@ -557,11 +558,11 @@ static bool extract_p2p_advertised_service_info(const uint8_t *attr, size_t len, if (!l_utf8_validate((const char *) attr + 7, name_len, NULL)) goto error; - if (!*out) - *out = l_queue_new(); + if (!out) + out = l_queue_new(); desc = l_new(struct p2p_advertised_service_descriptor, 1); - l_queue_push_tail(*out, desc); + l_queue_push_tail(out, desc); desc->advertisement_id = l_get_le32(attr + 0); desc->wsc_config_methods = l_get_be16(attr + 4);
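
Review bot: At the top of extract_p2p_advertised_service_info() the new names read backwards: "q" is the caller's out-parameter and "out" is the local temporary. Keeping "out" for the "struct l_queue **" taken from data and calling the local something like "queue" would match how the p2p_parse_*() functions in this file use "out", and would make the later "*q = out;" easier to follow.
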
@@ -572,10 +573,12 @@ static bool extract_p2p_advertised_service_info(const uint8_t *attr, size_t len, len -= 7 + name_len; } + *q = out; + return true; error: - l_queue_destroy(*out, p2p_clear_advertised_service_descriptor); + l_queue_destroy(out, p2p_clear_advertised_service_descriptor); return false; }
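
Review bot: The "*q = out;" added before "return true" in extract_p2p_advertised_service_info() overwrites whatever *q held on entry. The old code reused an existing queue ("if (!*out) *out = l_queue_new();"), so if this extractor can run more than once against the same data pointer, for instance when the attribute appears twice in one frame, the first queue is now leaked and its entries are dropped. Either append to an existing *q on success or reject the second occurrence explicitly.
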

From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 4/5] p2putil: initialize all parsing structures to zero
Date: Thu, 29 Feb 2024 09:07:33 -0800
Message-Id: <20240229170734.1498918-4-prestwoj@gmail.com>
In-Reply-To: <20240229170734.1498918-1-prestwoj@gmail.com>
References: <20240229170734.1498918-1-prestwoj@gmail.com>

Since these are all stack variables they are not zero initialized. If parsing fails there may be invalid pointers within the structures which can get dereferenced by p2p_clear_*
--- src/p2putil.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/p2putil.c b/src/p2putil.c index faf151a5..c90810e5 100644 --- a/src/p2putil.c +++ b/src/p2putil.c @@ -776,7 +776,7 @@ done: /* Section 4.2.1 */ int p2p_parse_beacon(const uint8_t *pdu, size_t len, struct p2p_beacon *out) { - struct p2p_beacon d = {}; + struct p2p_beacon d = {0}; int r; r = p2p_parse_attrs(pdu, len, @@ -797,7 +797,7 @@ int p2p_parse_beacon(const uint8_t *pdu, size_t len, struct p2p_beacon *out) int p2p_parse_probe_req(const uint8_t *pdu, size_t len, struct p2p_probe_req *out) { - struct p2p_probe_req d = {}; + struct p2p_probe_req d = {0}; int r; r = p2p_parse_attrs(pdu, len,
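
Review bot: Changing "= {}" to "= {0}" in p2p_parse_beacon(), p2p_parse_probe_req() and the other parsers in this patch does not change what ends up in d on GCC or Clang: the empty initializer is a GNU extension (and standard in C23) that already zero-initializes every member, so d was not uninitialized stack memory before. "{0}" is the portable ISO C spelling, which is a fine reason for the change, but the commit message should say so; if p2p_clear_*() was seen dereferencing garbage, the source is likely elsewhere and should be tracked down separately.
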
@@ -828,7 +828,7 @@ int p2p_parse_probe_req(const uint8_t *pdu, size_t len, int p2p_parse_probe_resp(const uint8_t *pdu, size_t len, struct p2p_probe_resp *out) { - struct p2p_probe_resp d = {}; + struct p2p_probe_resp d = {0}; int r; r = p2p_parse_attrs(pdu, len, @@ -853,7 +853,7 @@ int p2p_parse_probe_resp(const uint8_t *pdu, size_t len, int p2p_parse_association_req(const uint8_t *pdu, size_t len, struct p2p_association_req *out) { - struct p2p_association_req d = {}; + struct p2p_association_req d = {0}; int r; r = p2p_parse_attrs(pdu, len, @@ -876,7 +876,7 @@ int p2p_parse_association_req(const uint8_t *pdu, size_t len, int p2p_parse_association_resp(const uint8_t *pdu, size_t len, struct p2p_association_resp *out) { - struct p2p_association_resp d = {}; + struct p2p_association_resp d = {0}; int r; r = p2p_parse_attrs(pdu, len, @@ -939,7 +939,7 @@ int p2p_parse_disassociation(const uint8_t *pdu, size_t len, int p2p_parse_go_negotiation_req(const uint8_t *pdu, size_t len, struct p2p_go_negotiation_req *out) { - struct p2p_go_negotiation_req d = {}; + struct p2p_go_negotiation_req d = {0}; int r; struct p2p_go_intent_attr go_intent; uint8_t *wsc_data; @@ -1001,7 +1001,7 @@ error: int p2p_parse_go_negotiation_resp(const uint8_t *pdu, size_t len, struct p2p_go_negotiation_resp *out) { - struct p2p_go_negotiation_resp d = {}; + struct p2p_go_negotiation_resp d = {0}; int r; struct p2p_go_intent_attr go_intent; uint8_t *wsc_data; @@ -1062,7 +1062,7 @@ error: int p2p_parse_go_negotiation_confirmation(const uint8_t *pdu, size_t len, struct p2p_go_negotiation_confirmation *out) { - struct p2p_go_negotiation_confirmation d = {}; + struct p2p_go_negotiation_confirmation d = {0}; int r; if (len < 1) @@ -1096,7 +1096,7 @@ error: int p2p_parse_invitation_req(const uint8_t *pdu, size_t len, struct p2p_invitation_req *out) { - struct p2p_invitation_req d = {}; + struct p2p_invitation_req d = {0}; int r; uint8_t *wsc_data; ssize_t wsc_len; 
@@ -1151,7 +1151,7 @@ error: int p2p_parse_invitation_resp(const uint8_t *pdu, size_t len, struct p2p_invitation_resp *out) { - struct p2p_invitation_resp d = {}; + struct p2p_invitation_resp d = {0}; int r; if (len < 1) @@ -1185,7 +1185,7 @@ error: int p2p_parse_device_disc_req(const uint8_t *pdu, size_t len, struct p2p_device_discoverability_req *out) { - struct p2p_device_discoverability_req d = {}; + struct p2p_device_discoverability_req d = {0}; int r; if (len < 1) @@ -1210,7 +1210,7 @@ int p2p_parse_device_disc_req(const uint8_t *pdu, size_t len, int p2p_parse_device_disc_resp(const uint8_t *pdu, size_t len, struct p2p_device_discoverability_resp *out) { - struct p2p_device_discoverability_resp d = {}; + struct p2p_device_discoverability_resp d = {0}; int r; if (len < 1) @@ -1234,7 +1234,7 @@ int p2p_parse_device_disc_resp(const uint8_t *pdu, size_t len, int p2p_parse_provision_disc_req(const uint8_t *pdu, size_t len, struct p2p_provision_discovery_req *out) { - struct p2p_provision_discovery_req d = {}; + struct p2p_provision_discovery_req d = {0}; int r; uint8_t *wsc_data; ssize_t wsc_len; @@ -1309,7 +1309,7 @@ error: int p2p_parse_provision_disc_resp(const uint8_t *pdu, size_t len, struct p2p_provision_discovery_resp *out) { - struct p2p_provision_discovery_resp d = {}; + struct p2p_provision_discovery_resp d = {0}; int r; uint8_t *wsc_data; ssize_t wsc_len; @@ -1389,7 +1389,7 @@ error: int p2p_parse_notice_of_absence(const uint8_t *pdu, size_t len, struct p2p_notice_of_absence *out) { - struct p2p_notice_of_absence d = {}; + struct p2p_notice_of_absence d = {0}; int r; if (len < 1) @@ -1411,7 +1411,7 @@ int p2p_parse_notice_of_absence(const uint8_t *pdu, size_t len, int p2p_parse_presence_req(const uint8_t *pdu, size_t len, struct p2p_presence_req *out) { - struct p2p_presence_req d = {}; + struct p2p_presence_req d = {0}; int r; if (len < 1) 
@@ -1437,7 +1437,7 @@ int p2p_parse_presence_req(const uint8_t *pdu, size_t len, int p2p_parse_presence_resp(const uint8_t *pdu, size_t len, struct p2p_presence_resp *out) { - struct p2p_presence_resp d = {}; + struct p2p_presence_resp d = {0}; int r; if (len < 1)

From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood, Alex Radocea
Subject: [PATCH 5/5] p2putil: check length of client info description
Date: Thu, 29 Feb 2024 09:07:34 -0800
Message-Id: <20240229170734.1498918-5-prestwoj@gmail.com>
In-Reply-To: <20240229170734.1498918-1-prestwoj@gmail.com>
References: <20240229170734.1498918-1-prestwoj@gmail.com>

A length check was missing which could cause an out of bounds read.

Co-authored-by: Alex Radocea
--- src/p2putil.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/p2putil.c b/src/p2putil.c index c90810e5..d1f114d0 100644 --- a/src/p2putil.c +++ b/src/p2putil.c @@ -376,6 +376,9 @@ static bool extract_p2p_group_info(const uint8_t *attr, size_t len, desc = l_new(struct p2p_client_info_descriptor, 1); l_queue_push_tail(*out, desc); + if (desc_len < 24) + goto error; + memcpy(desc->device_addr, attr + 0, 6); memcpy(desc->interface_addr, attr + 6, 6); desc->device_caps = attr[12];
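
Review bot: The new "desc_len < 24" check in extract_p2p_group_info() sits after l_new() and l_queue_push_tail(*out, desc), so a short descriptor is still allocated and queued before it is rejected; moving the check above the allocation avoids that and keeps the validation next to where desc_len is read. Please also add a comment or a named constant for 24, since the visible reads only go up to attr[12]. Separately, this function still pushes straight into *out, the pattern 3/5 replaced with a temporary in extract_p2p_advertised_service_info(); worth checking that its error path cannot leave *out pointing at a destroyed queue.
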
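
Added example, not part of the posted series and not iwd code: a small descriptor-list parser that combines the two fixes described in 3/5 and 5/5, building the list in a local that is written to the caller's pointer only on success, and checking the descriptor length before any fixed-offset read. The record layout, struct desc, parse_descs(), parse_and_count() and the sample buffers are all constructed for illustration.

```c
/* Added illustration, not iwd code. Constructed record layout (an assumption):
 *   [desc_len:1][id:2 LE][flags:1][name_len:1][name:name_len] ...
 * desc_len counts the bytes that follow the length byte. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DESC_FIXED_LEN 4	/* id + flags + name_len */

struct desc {
	struct desc *next;
	uint16_t id;
	uint8_t flags;
	char name[32];
};

static void desc_list_free(struct desc *head)
{
	while (head) {
		struct desc *next = head->next;

		free(head);
		head = next;
	}
}

/* Builds the list in a local and publishes it through *out only on success. */
bool parse_descs(const uint8_t *buf, size_t len, struct desc **out)
{
	struct desc *head = NULL, **tail = &head;

	while (len) {
		size_t desc_len = buf[0];
		size_t name_len;
		struct desc *d;

		/* The record must fit in the bytes that are left ... */
		if (desc_len > len - 1)
			goto error;

		/* ... and must cover every fixed offset read below. */
		if (desc_len < DESC_FIXED_LEN)
			goto error;

		name_len = buf[4];
		if (name_len != desc_len - DESC_FIXED_LEN ||
				name_len >= sizeof(d->name))
			goto error;

		d = calloc(1, sizeof(*d));
		if (!d)
			goto error;

		*tail = d;
		tail = &d->next;
		d->id = (uint16_t) (buf[1] | (buf[2] << 8));
		d->flags = buf[3];
		memcpy(d->name, buf + 5, name_len);

		buf += 1 + desc_len;
		len -= 1 + desc_len;
	}

	*out = head;
	return true;

error:
	/* *out was never written, so the caller's cleanup sees its own value. */
	desc_list_free(head);
	return false;
}

/* Returns the descriptor count, -1 on a clean failure, or -2 if a failed
 * parse modified the caller's pointer (the side effect removed in 3/5). */
int parse_and_count(const uint8_t *buf, size_t len)
{
	struct desc *list = NULL, *d;
	int n = 0;

	if (!parse_descs(buf, len, &list))
		return list ? -2 : -1;

	for (d = list; d; d = d->next)
		n++;

	desc_list_free(list);
	return n;
}

/* Constructed samples: two valid records; a valid record followed by one
 * shorter than the fixed fields; a record longer than the buffer. */
static const uint8_t SAMPLE_GOOD[] = { 6, 0x34, 0x12, 0x01, 2, 'a', 'b',
					5, 0x02, 0x00, 0x00, 1, 'z' };
static const uint8_t SAMPLE_SHORT_DESC[] = { 6, 0x34, 0x12, 0x01, 2, 'a', 'b',
					2, 0x02, 0x00 };
static const uint8_t SAMPLE_TRUNCATED[] = { 6, 0x34, 0x12 };

int main(void)
{
	printf("good: %d\n", parse_and_count(SAMPLE_GOOD, sizeof(SAMPLE_GOOD)));
	printf("short descriptor: %d\n",
		parse_and_count(SAMPLE_SHORT_DESC, sizeof(SAMPLE_SHORT_DESC)));
	printf("truncated: %d\n",
		parse_and_count(SAMPLE_TRUNCATED, sizeof(SAMPLE_TRUNCATED)));
	return 0;
}
```

In the short-descriptor sample the first record has already been allocated when the second one is rejected, which is the case where a half-built list reaching the caller would be freed twice during cleanup.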