Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Avoid memcpy-ing structs into onion ping id data. #2687

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: Avoid memcpy-ing structs into onion ping id data. #2687

wants to merge 1 commit into from

Conversation

iphydf
Copy link
Member

@iphydf iphydf commented Feb 14, 2024
edited
Loading

Although it is only ever read back on the machine it originated from, it's bad practice and we should not make our protocol have system-specific undefined padding bytes in it.

Found by TokTok/hs-tokstyle#252

This change is Reviewable

@iphydf iphydf added this to the v0.2.20 milestone Feb 14, 2024
@codecov Codecov
Copy link

codecov bot commented Feb 14, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.14%. Comparing base (41fb183) to head (0f72a4c).
Report is 8 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2687      +/-   ##
==========================================
+ Coverage   72.89%   73.14%   +0.24%     
==========================================
  Files         149      149              
  Lines       30570    30565       -5     
==========================================
+ Hits        22285    22357      +72     
+ Misses       8285     8208      -77

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@iphydf iphydf modified the milestones: v0.2.20, v0.2.21 Nov 6, 2024
@github-actions github-actions bot added the bug Bug fix for the user, not a fix to a build script label Nov 20, 2024
@iphydf iphydf marked this pull request as ready for review November 27, 2024 19:35
@iphydf
fix: Avoid memcpy-ing structs into onion ping id data.
a40025d 
Although it is only ever read back on the machine it originated from,
it's bad practice and we should not make our protocol have
system-specific undefined padding bytes in it.
Green-Sky
Green-Sky reviewed Dec 17, 2024
View reviewed changes
toxcore/onion_announce.c
memcpy(ping_id_data, packet_public_key, CRYPTO_PUBLIC_KEY_SIZE);
memcpy(ping_id_data + CRYPTO_PUBLIC_KEY_SIZE, source, sizeof(*source));
const int packed_len = pack_ip_port(onion_a->log, &ping_id_data[CRYPTO_PUBLIC_KEY_SIZE], SIZE_IPPORT, source);
memzero(&ping_id_data[CRYPTO_PUBLIC_KEY_SIZE + packed_len], SIZE_IPPORT - packed_len);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assert packed_len <= SIZE_IPPORT ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Green-Sky Green-Sky Green-Sky left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@iphydf iphydf

Labels
bug Bug fix for the user, not a fix to a build script
Projects
None yet
Milestone
v0.2.21
Development

Successfully merging this pull request may close these issues.
2 participants
@iphydf @Green-Sky