Avoid triggering undefined behaviour (std::memset(nullptr, 0, 0)) if an invalid string is passed to DecodeSecret(…) #14242

pull practicalswift wants to merge 1 commits into bitcoin:master from practicalswift:ub-in-DecodeSecret changing 2 files +3 −2
  1. practicalswift commented at 2:33 pm on September 17, 2018: contributor

    Avoid triggering undefined behaviour (std::memset(nullptr, 0, 0)) if an invalid string is passed to DecodeSecret(...).

    Background reading: memcpy (and friends) with NULL pointers

    Steps to reproduce:

    0./configure --with-sanitizers=undefined && make check && ./test/functional/test_runner.py
  2. practicalswift commented at 2:34 pm on September 17, 2018: contributor
    Introduced in PR #11372 (119b0f85e2). Friendly ping @sipa – would you mind reviewing? :-)
  3. MarcoFalke commented at 4:30 pm on September 17, 2018: member
    Shouldn’t memory_cleanse be more robust in handling zero-length data?
  4. practicalswift commented at 7:16 pm on September 17, 2018: contributor
    @MarcoFalke Sure! Added a commit. Please re-review :-)
  5. in src/key_io.cpp:147 in ae17de59d2 outdated 
    141@@ -142,7 +142,9 @@ CKey DecodeSecret(const std::string& str)
142             key.Set(data.begin() + privkey_prefix.size(), data.begin() + privkey_prefix.size() + 32, compressed);
143         }
144     }
145-    memory_cleanse(data.data(), data.size());
146+    if (data.data()) {
147+        memory_cleanse(data.data(), data.size());
148+    }
    MarcoFalke commented at 10:59 pm on September 17, 2018:
    This check is no longer needed?
    fingera commented at 6:10 am on September 20, 2018:
    Notes If size() is 0, data() may or may not return a null pointer. https://en.cppreference.com/w/cpp/container/vector/data
  6. promag commented at 0:15 am on September 18, 2018: member

    Shouldn’t memory_cleanse be more robust in handling zero-length data? @MarcoFalke the same for memset?

    -0 ae17de5 because it changes memory_cleanse invariant.

    IMO should avoid the call to memory_cleanse.

  7. practicalswift force-pushed on Sep 18, 2018
  8. practicalswift commented at 4:35 am on September 18, 2018: contributor
    @MarcoFalke I think @promag has a good point. Now reverted to the original version.
  9. practicalswift commented at 4:35 am on September 18, 2018: contributor
    @promag Thanks for reviewing. Now updated. Please re-review :-)
  10. MarcoFalke referenced this in commit 1ba5583646 on Nov 5, 2018
  11. MarcoFalke commented at 8:11 pm on November 5, 2018: member
    Could remove the suppression from the file in contrib?
  12. MarcoFalke deleted a comment on Nov 5, 2018
  13. practicalswift force-pushed on Nov 6, 2018
  14. practicalswift commented at 11:26 pm on November 6, 2018: contributor

    @MarcoFalke Good point! Added commit 1cab4bb7e09c9d68e104460b67e5804848cd3c2e which removes UBSan suppression.

    Please re-review :-)

  15. DrahtBot commented at 9:48 pm on November 8, 2018: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #14239 (Avoid dividing by zero (undefined behaviour) in EstimateMedianVal (policy)/ConnectTip (validation)/CreateTransaction (wallet) by practicalswift)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  16. DrahtBot added the label Needs rebase on Nov 23, 2018
  17. practicalswift commented at 3:58 pm on November 23, 2018: contributor
    Rebased!
  18. practicalswift force-pushed on Nov 23, 2018
  19. DrahtBot removed the label Needs rebase on Nov 23, 2018
  20. in src/key_io.cpp:145 in f094aeb539 outdated 
    141@@ -142,7 +142,9 @@ CKey DecodeSecret(const std::string& str)
142             key.Set(data.begin() + privkey_prefix.size(), data.begin() + privkey_prefix.size() + 32, compressed);
143         }
144     }
145-    memory_cleanse(data.data(), data.size());
146+    if (data.data()) {
    luke-jr commented at 7:10 pm on December 19, 2018:
    We don’t need to memory_cleanse if data.size() is zero, right?
    MarcoFalke commented at 7:33 pm on December 19, 2018:
    C.f. ae17de5
    practicalswift commented at 4:03 pm on January 5, 2019:
    Now calling memory_cleanse only if data.data() != nullptr and data.size() > 0.
  21. practicalswift force-pushed on Jan 5, 2019
  22. practicalswift commented at 4:03 pm on January 5, 2019: contributor
    @luke-jr @promag @MarcoFalke Would you mind re-reviewing? :-)
  23. practicalswift commented at 7:58 pm on January 15, 2019: contributor
    @MarcoFalke Could this one get a release milestone? :-)
  24. MarcoFalke added this to the milestone 0.18.0 on Jan 15, 2019
  25. in src/key_io.cpp:145 in 524a876548 outdated 
    141@@ -142,7 +142,9 @@ CKey DecodeSecret(const std::string& str)
142             key.Set(data.begin() + privkey_prefix.size(), data.begin() + privkey_prefix.size() + 32, compressed);
143         }
144     }
145-    memory_cleanse(data.data(), data.size());
146+    if (data.data() != nullptr && data.size() > 0) {
    laanwj commented at 4:22 pm on February 6, 2019:
    seems like an !data.empty() check would be enough here?
  26. laanwj added the label Refactoring on Feb 6, 2019
  27. promag commented at 3:19 pm on February 7, 2019: member

    Agree with @laanwj, also (nit) could squash.

    utACK 524a876 otherwise.

  28. Avoid triggering undefined behaviour (std::memset(nullptr, 0, 0)) if an invalid string is passed to DecodeSecret(...) d855e4cac8
  29. practicalswift force-pushed on Feb 7, 2019
  30. practicalswift commented at 9:31 pm on February 7, 2019: contributor
    @laanwj @promag Good points. Fixed and squashed. Please re-review :-)
  31. promag commented at 9:33 pm on February 7, 2019: member
    utACK d855e4ca.
  32. laanwj merged this on Feb 8, 2019
  33. laanwj closed this on Feb 8, 2019
  34. laanwj referenced this in commit 6fc656a410 on Feb 8, 2019
  35. jasonbcox referenced this in commit 4210ed4fcc on Sep 13, 2019
  36. UdjinM6 referenced this in commit 4d691cbfd9 on Dec 25, 2020
  37. UdjinM6 referenced this in commit 2fbc0e0e8d on Dec 25, 2020
  38. UdjinM6 referenced this in commit 5cf45844d8 on Jan 8, 2021
  39. practicalswift deleted the branch on Apr 10, 2021
  40. pravblockc referenced this in commit a390bab2d5 on Aug 10, 2021
  41. pravblockc referenced this in commit 95e4d27ffd on Aug 14, 2021
  42. PastaPastaPasta referenced this in commit 1197a1f392 on Aug 16, 2021
  43. PastaPastaPasta referenced this in commit 857fae9277 on Aug 16, 2021
  44. pravblockc referenced this in commit eab19ffa5c on Aug 17, 2021
  45. pravblockc referenced this in commit 9341b3c0e6 on Aug 17, 2021
  46. PastaPastaPasta referenced this in commit 009f0059b9 on Aug 17, 2021
  47. PastaPastaPasta referenced this in commit b98e643250 on Aug 18, 2021
  48. pravblockc referenced this in commit 02bbb4228f on Aug 18, 2021
  49. pravblockc referenced this in commit 7ac0213b1e on Aug 19, 2021
  50. PastaPastaPasta referenced this in commit c4697213b2 on Aug 21, 2021
  51. gades referenced this in commit d9cea62049 on Apr 1, 2022
  52. gades referenced this in commit 7c4d74079c on Apr 20, 2022
  53. DrahtBot locked this on Aug 18, 2022


practicalswift MarcoFalke fingera promag DrahtBot luke-jr laanwj

Labels
Refactoring

Milestone
0.18.0

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-05 19:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me