Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

aws: macos: prevent buffer overflow on address sanitier #7774

Merged

Conversation

cosmo0920
Copy link
Contributor

This issue is reported by addrress sanitizer on macOS.
On Linux, this isue won't be happened.

Test flb_get_s3_key_invalid_key_length...       [2023/07/31 17:50:07] [ warn] [s3_key] Object key length is longer than the 1024 character limit.
=================================================================
==67093==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000109409580 at pc 0x000106924088 bp 0x00016b48e020 sp 0x00016b48d7e0
READ of size 1025 at 0x000109409580 thread T0
    #0 0x106924084 in wrap_strlen+0x164 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x18084) (BuildId: f0a7ac5c49bc3abc851181b6f92b308a32000000200000000100000000000b00)
    #1 0x1049899b0 in flb_get_s3_key flb_aws_util.c:923
    #2 0x10497fa18 in test_flb_get_s3_key_invalid_key_length aws_util.c:278
    #3 0x10497cbe8 in acutest_do_run_ acutest.h:1034
    #4 0x10497ab90 in acutest_run_ acutest.h:1130
    #5 0x1049779c8 in main acutest.h:1769
    #6 0x188db7f24  (<unknown module>)

0x000109409580 is located 0 bytes to the right of 1024-byte region [0x000109409180,0x000109409580)
allocated by thread T0 here:
    #0 0x10694f234 in wrap_calloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x43234) (BuildId: f0a7ac5c49bc3abc851181b6f92b308a32000000200000000100000000000b00)
    #1 0x104987270 in flb_calloc flb_mem.h:95
    #2 0x10498991c in flb_get_s3_key flb_aws_util.c:912
    #3 0x10497fa18 in test_flb_get_s3_key_invalid_key_length aws_util.c:278
    #4 0x10497cbe8 in acutest_do_run_ acutest.h:1034
    #5 0x10497ab90 in acutest_run_ acutest.h:1130
    #6 0x1049779c8 in main acutest.h:1769
    #7 0x188db7f24  (<unknown module>)

SUMMARY: AddressSanitizer: heap-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x18084) (BuildId: f0a7ac5c49bc3abc851181b6f92b308a32000000200000000100000000000b00) in wrap_strlen+0x164
Shadow bytes around the buggy address:
  0x0070212a1260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070212a1270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070212a1280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070212a1290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0070212a12a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0070212a12b0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0070212a12c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0070212a12d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0070212a12e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0070212a12f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0070212a1300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==67093==ABORTING
  Test interrupted by SIGABRT.

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 08:54 — with GitHub Actions Inactive
@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 08:54 — with GitHub Actions Inactive
@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 08:54 — with GitHub Actions Inactive
@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 09:24 — with GitHub Actions Inactive
@cosmo0920 cosmo0920 marked this pull request as ready for review July 31, 2023 09:49
@cosmo0920 cosmo0920 requested a review from PettitWesley as a code owner July 31, 2023 09:49
@cosmo0920 cosmo0920 marked this pull request as draft July 31, 2023 13:30
…ffer for s3 key

This is because macOS's strlen complains buffer overflow due to
exceeding length of allocated buffers. To prevent this issue,
we need to allocate an adittional +1 length of char type of buffer.

Signed-off-by: Hiroshi Hatake <[email protected]>
@cosmo0920 cosmo0920 force-pushed the cosmo0920-prevent-buffer-overflow-on-address-sanitier-on-macos branch from 3fe9c29 to 11fadf6 Compare July 31, 2023 14:03
@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 14:03 — with GitHub Actions Inactive
@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 14:03 — with GitHub Actions Inactive
@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 14:03 — with GitHub Actions Inactive
@cosmo0920 cosmo0920 marked this pull request as ready for review July 31, 2023 14:05
@cosmo0920 cosmo0920 temporarily deployed to pr July 31, 2023 14:32 — with GitHub Actions Inactive
@edsiper edsiper merged commit ad6b5de into master Aug 11, 2023
@edsiper edsiper deleted the cosmo0920-prevent-buffer-overflow-on-address-sanitier-on-macos branch August 11, 2023 13:55
@MrPibody7 MrPibody7 added this to the Fluent Bit v2.1.9 milestone Aug 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants