net: Don’t allow resolving of std::string with embedded NUL characters. Add tests. #17754

pull practicalswift wants to merge 3 commits into bitcoin:master from practicalswift:c_str-cleanup-netbase changing 13 files +99 −69
  1. practicalswift commented at 1:41 pm on December 16, 2019: contributor

    Don’t allow resolving of std::string:s with embedded NUL characters.

    Avoid using C-style NUL-terminated strings as arguments in the netbase interface

    Add tests.

    The only place in where C-style NUL-terminated strings are actually needed is here:

    0+    if (!ValidAsCString(name)) {
    1+        return false;
    2+    }
    3...
    4-    int nErr = getaddrinfo(pszName, nullptr, &aiHint, &aiRes);
    5+    int nErr = getaddrinfo(name.c_str(), nullptr, &aiHint, &aiRes);
    6     if (nErr)
    7         return false;
    

    Interface changes:

     0-bool LookupHost(const char *pszName, std::vector<CNetAddr>& vIP, unsigned int nMaxSolutions, bool fAllowLookup);
     1+bool LookupHost(const std::string& name, std::vector<CNetAddr>& vIP, unsigned int nMaxSolutions, bool fAllowLookup);
     2
     3-bool LookupHost(const char *pszName, CNetAddr& addr, bool fAllowLookup);
     4+bool LookupHost(const std::string& name, CNetAddr& addr, bool fAllowLookup);
     5
     6-bool Lookup(const char *pszName, CService& addr, int portDefault, bool fAllowLookup);
     7+bool Lookup(const std::string& name, CService& addr, int portDefault, bool fAllowLookup);
     8
     9-bool Lookup(const char *pszName, std::vector<CService>& vAddr, int portDefault, bool fAllowLookup, unsigned int nMaxSolutions);
    10+bool Lookup(const std::string& name, std::vector<CService>& vAddr, int portDefault, bool fAllowLookup, unsigned int nMaxSolutions);
    11
    12-bool LookupSubNet(const char *pszName, CSubNet& subnet);
    13+bool LookupSubNet(const std::string& strSubnet, CSubNet& subnet);
    14
    15-CService LookupNumeric(const char *pszName, int portDefault = 0);
    16+CService LookupNumeric(const std::string& name, int portDefault = 0);
    17
    18-bool ConnectThroughProxy(const proxyType &proxy, const std::string& strDest, int port, const SOCKET& hSocketRet, int nTimeout, bool *outProxyConnectionFailed);
    19+bool ConnectThroughProxy(const proxyType &proxy, const std::string& strDest, int port, const SOCKET& hSocketRet, int nTimeout, bool& outProxyConnectionFailed);
    

    It should be noted that the ConnectThroughProxy change (from bool *outProxyConnectionFailed to bool& outProxyConnectionFailed) has nothing to do with NUL handling but I thought it was worth doing when touching this file :)

  2. fanquake added the label P2P on Dec 16, 2019
  3. DrahtBot commented at 3:31 pm on December 16, 2019: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #17602 (net: Limit # of IPs learned from a DNS seed by family by dongcarl)
    • #17356 (RPC: Internal named params by luke-jr)
    • #17160 (refactor: net: subnet lookup: use single-result LookupHost() by theStack)
    • #16548 (Make the global flag fDiscover an instance variable of CConnman by mmachicao)
    • #16224 (gui: Bilingual GUI error messages by hebasto)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  4. elichai commented at 5:14 pm on December 16, 2019: contributor
    Concept ACK. It’s best to not use C style Strings whenever it’s possible, and if and when it’s required we should add sanity checks.
  5. instagibbs commented at 7:03 pm on December 16, 2019: member

    utACK a32d3ccefe008f098f435a0b01284d5711ee8768

    I always learn something new about implicit conversion in C++

  6. practicalswift renamed this:
    net: Don't allow resolving of std::string:s with embedded NUL characters. Add tests.
    net: Don't allow resolving of std::string with embedded NUL characters. Add tests.
    on Dec 17, 2019
  7. laanwj commented at 8:50 am on December 17, 2019: member
    Concept ACK Also gets rid of a lot of the remaining (unnecessary) c_str(). This is something I’ve been wanting to do for a long time but never dared.
  8. in src/test/netbase_tests.cpp:409 in a32d3ccefe outdated
    398@@ -400,4 +399,16 @@ BOOST_AUTO_TEST_CASE(netpermissions_test)
    399     BOOST_CHECK(std::find(strings.begin(), strings.end(), "mempool") != strings.end());
    400 }
    401 
    402+BOOST_AUTO_TEST_CASE(netbase_dont_resolve_strings_with_embedded_nul_characters)
    403+{
    404+    CNetAddr addr;
    405+    BOOST_CHECK(LookupHost(std::string("127.0.0.1", 9), addr, false));
    406+    BOOST_CHECK(!LookupHost(std::string("127.0.0.1\0example.com", 21), addr, false));
    


    promag commented at 12:32 pm on December 22, 2019:
    Could also test with embedded nul char at end.

    practicalswift commented at 3:57 pm on December 29, 2019:
    Good idea! Added such a case. Please re-review :)
  9. promag commented at 12:34 pm on December 22, 2019: member
    Code review ACK a32d3ccefe008f098f435a0b01284d5711ee8768.
  10. practicalswift force-pushed on Dec 29, 2019
  11. fanquake commented at 4:22 pm on December 29, 2019: member
  12. practicalswift force-pushed on Dec 29, 2019
  13. practicalswift force-pushed on Dec 29, 2019
  14. in src/test/netbase_tests.cpp:410 in 10ef76ffc7 outdated
    403+{
    404+    CNetAddr addr;
    405+    BOOST_CHECK(LookupHost(std::string("127.0.0.1", 9), addr, false));
    406+    BOOST_CHECK(!LookupHost(std::string("127.0.0.1\0", 10), addr, false));
    407+    BOOST_CHECK(!LookupHost(std::string("127.0.0.1\0example.com", 21), addr, false));
    408+    BOOST_CHECK(!LookupHost(std::string("127.0.0.1\0example.com\0", 22), addr, false));
    


    promag commented at 10:41 pm on December 29, 2019:
    nit, could drop the middle nul.

    EthanHeilman commented at 7:39 pm on January 2, 2020:
    To me the middle \0 seems like a useful case to check. Whats the benefit in dropping it?

    promag commented at 7:40 pm on January 2, 2020:
    already checked above.

    EthanHeilman commented at 8:00 pm on January 2, 2020:
    You mean that the test for BOOST_CHECK(!LookupHost(std::string("127.0.0.1\0", 10), addr, false)); is the same as the test for BOOST_CHECK(!LookupHost(std::string("127.0.0.1\0example.com", 21), addr, false));?
  15. promag commented at 10:41 pm on December 29, 2019: member
    ACK 10ef76ffc7ff7649786d441faabd66c1593427d5.
  16. EthanHeilman commented at 7:37 pm on January 2, 2020: contributor
    ACK clear code base improvement
  17. net: Avoid using C-style NUL-terminated strings as arguments in the netbase interface 9574de86ad
  18. tests: Add tests to make sure lookup methods fail on std::string parameters with embedded NUL characters fefb9165f2
  19. tests: Avoid using C-style NUL-terminated strings as arguments 7a046cdc14
  20. practicalswift force-pushed on Jan 8, 2020
  21. practicalswift commented at 12:37 pm on January 8, 2020: contributor
    Rebased to get rid of non-related Travis macOS failure! @promag @EthanHeilman Please re-review :)
  22. in src/net.cpp:436 in 7a046cdc14
    431@@ -432,7 +432,8 @@ CNode* CConnman::ConnectNode(CAddress addrConnect, const char *pszDest, bool fCo
    432         std::string host;
    433         int port = default_port;
    434         SplitHostPort(std::string(pszDest), port, host);
    435-        connected = ConnectThroughProxy(proxy, host, port, hSocket, nConnectTimeout, nullptr);
    436+        bool proxyConnectionFailed;
    437+        connected = ConnectThroughProxy(proxy, host, port, hSocket, nConnectTimeout, proxyConnectionFailed);
    


    EthanHeilman commented at 7:39 pm on January 8, 2020:
    It doesn’t especially relevant to this PR so this should block this PR but I noticed that proxyConnectionFailed is not checked in this call Does it make sense to create a ConnectThroughProxy method without the outProxyConnectionFailed parameter or should this call check proxyConnectionFailed like the prior call does?

    practicalswift commented at 10:19 pm on January 8, 2020:
    Good point! Let’s we tackle that in a separate follow-up PR to keep this one focused :)

    EthanHeilman commented at 10:20 pm on January 8, 2020:
    Agreed, I just wanted to make a note here so I didn’t forget.
  23. EthanHeilman commented at 8:01 pm on January 8, 2020: contributor
    ACK 7a046cdc1423963bdcbcf9bb98560af61fa90b37 I did not run any tests. I read through the code carefully, looking up behavior I didn’t understand. I don’t see any reasons not to merge.
  24. EthanHeilman approved
  25. fanquake requested review from promag on Jan 14, 2020
  26. practicalswift requested review from jamesob on Jan 14, 2020
  27. practicalswift requested review from laanwj on Jan 21, 2020
  28. laanwj commented at 7:20 pm on January 22, 2020: member

    ACK 7a046cdc1423963bdcbcf9bb98560af61fa90b37

    It should be noted that the ConnectThroughProxy change (from bool *outProxyConnectionFailed to bool& outProxyConnectionFailed) has nothing to do with NUL handling but I thought it was worth doing when touching this file :)

    FWIW I think such unrelated changes should generally be avoided (especially as part of the same commit). But I don’t mind it in this case, personally, and this has had enough review.

  29. laanwj referenced this in commit 1ae46dce60 on Jan 22, 2020
  30. laanwj merged this on Jan 22, 2020
  31. laanwj closed this on Jan 22, 2020

  32. sidhujag referenced this in commit fc9bd3b507 on Jan 24, 2020
  33. sidhujag referenced this in commit d7c10554c8 on Nov 10, 2020
  34. Fabcien referenced this in commit 4927fc4b11 on Dec 17, 2020
  35. Fabcien referenced this in commit fe17052580 on Dec 17, 2020
  36. Fabcien referenced this in commit a36894a1f1 on Dec 17, 2020
  37. practicalswift deleted the branch on Apr 10, 2021
  38. kittywhiskers referenced this in commit 466b153103 on May 22, 2021
  39. random-zebra referenced this in commit b4751e10ce on Aug 11, 2021
  40. PastaPastaPasta referenced this in commit bb5c622d20 on Apr 7, 2022
  41. Munkybooty referenced this in commit 4692725277 on Jun 25, 2022
  42. Munkybooty referenced this in commit 9c72faf959 on Aug 3, 2022
  43. knst referenced this in commit c6eeee341d on Aug 6, 2022
  44. DrahtBot locked this on Aug 16, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 12:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me