Conversation
jserv
left a comment
jserv
left a comment
There was a problem hiding this comment.
Read https://cbea.ms/git-commit/ carefully and enforce the rules.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
ChuWeiChang
force-pushed
the
address-memory-leak-of-ifr-and-rt
branch
from
ac032d9 to
c835321
Compare
ChuWeiChang
force-pushed
the
address-memory-leak-of-ifr-and-rt
branch
from
c835321 to
0000992
Compare
jserv
left a comment
jserv
left a comment
There was a problem hiding this comment.
Improve English writing, per How to Write a Git Commit Message:
ChuWeiChang
force-pushed
the
address-memory-leak-of-ifr-and-rt
branch
from
0000992 to
0000df3
Compare
jserv
left a comment
jserv
left a comment
There was a problem hiding this comment.
The diagnosis is correct: the hand-rolled ifr was 32 bytes, struct ifreq on 64-bit is 40 (the ifmap union member has unsigned long). Using standard headers is the right direction.
Two issues to address before merging:
-
The PR title says "memory leaks" but this fixes a buffer overflow / stack corruption. Please retitle to match the (accurate) commit message.
-
The blank line between system includes and project includes (before
/* minislirp headers */) was intentional separation. Please keep it.
| @@ -1037,18 +1038,7 @@ int kbox_net_configure(const struct kbox_sysnrs *sysnrs) | |||
| return -1; | |||
There was a problem hiding this comment.
Every struct that crosses the lkl_syscall6 boundary in this codebase has a _Static_assert for size and critical offsets (see kbox_lkl_stat and kbox_open_how in lkl-wrap.h). This one should too:
_Static_assert(sizeof(struct ifreq) == 40,
"struct ifreq must be 40 bytes (64-bit Linux ABI)");| @@ -1064,8 +1054,8 @@ int kbox_net_configure(const struct kbox_sysnrs *sysnrs) | |||
|
|
|||
| /* 2. Set IP address via SIOCSIFADDR. */ | |||
There was a problem hiding this comment.
sa_data[2] is a magic offset that encodes knowledge of sockaddr_in layout without naming it. The original code had sin_family / sin_addr which were self-documenting. Cast to sockaddr_in * instead:
struct sockaddr_in *addr = (struct sockaddr_in *) &ifr.ifr_addr;
addr->sin_family = AF_INET;
inet_pton(AF_INET, GUEST_IP_STR, &addr->sin_addr);Same for the netmask block below.
| @@ -1093,28 +1083,7 @@ int kbox_net_configure(const struct kbox_sysnrs *sysnrs) | |||
| __atomic_store_n(&net_ready, 1, __ATOMIC_RELEASE); | |||
There was a problem hiding this comment.
Same as ifreq -- add a _Static_assert for sizeof(struct rtentry). The old hand-rolled struct was missing rt_window and rt_irtt, so the size difference is the whole reason this needed fixing. Pin it so it cannot silently drift.
ChuWeiChang
force-pushed
the
address-memory-leak-of-ifr-and-rt
branch
from
0000df3 to
00008f0
Compare
Replace custom, hardcoded definitions of 'ifr' and 'rt'
with standard Linux headers.
The previous custom structures caused AddressSanitizer
(ASan) triggers due to memory mismatches:
- Architecture Mismatch: The hardcoded 'ifr' struct
was fixed at 32 bytes, whereas 64-bit architectures
expect 40 bytes. This resulted in an 8-byte overflow
during LKL calls.
- Incomplete Definition: The 'rt' struct was missing
standard fields (rt_window and rt_irtt), leading
to incorrect memory offsets and subsequent stack corruption.
By using <net/if.h> and <net/route.h>, we ensure field alignment
across different host architectures, resolving the buffer overflow
and improving overall portability.
Resolves: sysprog21#33
Change-Id: If6e7a8ea33ba4957a87e3a30ebac04229b1896dd
ChuWeiChang
force-pushed
the
address-memory-leak-of-ifr-and-rt
branch
from
00008f0 to
000008f
Compare
jserv
left a comment
jserv
left a comment
There was a problem hiding this comment.
Improve git commit messages by avoiding unintended indentations and clearly addressing the rationale.
2 participants
This PR addresses the buffer overflow reported in #33.
ifrandrtstructures` is modified to match the standard Linux kernel definitions, ensuring that memory is correctly mapped.Summary by cubic
Fixes ASan crashes from buffer overflows in network setup by replacing custom
ifr/rtwith Linuxstruct ifreq/struct rtentryand using IPv4sockaddr_infor address, netmask, and default route. Ensures correct ABI on 64-bit and resolves #33.<net/if.h>/<net/route.h>and remove hardcoded structs; previousifreqsize (32) and missingrtfields caused an 8-byte overflow and stack corruption.ifr.ifr_addrviasockaddr_inand initialize routes withAF_INET; add_Static_assertchecks (ifreq=40,rtentry=120) to guard ABI.Written for commit 000008f. Summary will update on new commits.