Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reclaim one byte from HeaderString. #6826

Merged
merged 2 commits into from
May 7, 2019
Merged

Reclaim one byte from HeaderString. #6826

merged 2 commits into from
May 7, 2019

Conversation

dnoe
Copy link
Contributor

@dnoe dnoe commented May 6, 2019

Description:

With conversion to getStringView() access there is no longer any need to
reserve a NUL byte at the end of the HeaderString since all accesses
will be through string_views which are not required to be NUL
terminated.

Ran bazel test -c opt //test/... --config=asan --runs_per_test=10
without issue. There is some risk that someone has or will abuse the
data() accessor on a string_view assuming it is NUL terminated. A
comment is added to emphasize that the HeaderString::getStringView() is
not NUL terminated.

By eliminating this wasted byte it is more likely that a HeaderString
will fit into the existing embedded space, hopefully giving a small
performance gain and reduction in memory allocations.

Signed-off-by: Dan Noé [email protected]

Risk Level: Medium
Testing: bazel test -c opt //test/... --config=asan --runs_per_test=10
Docs Changes: None
Release Notes: None
Part of: Issue #6580

mattklein123
mattklein123 requested changes May 6, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice thanks for doing all of these follow ups. I assume you audited all calls to make sure we aren't using data() anywhere in the existing code? I know we caught some last time.

/wait

source/common/http/header_map_impl.cc Show resolved Hide resolved
dnoe added 2 commits May 7, 2019 12:18
@dnoe
Reclaim one byte from HeaderString.
87df61c 
With conversion to getStringView() access there is no longer any need to
reserve a NUL byte at the end of the HeaderString since all accesses
will be through string_views which are not required to be NUL
terminated.

Ran bazel test -c opt //test/... --config=asan --runs_per_test=10
without issue. There is some risk that someone has or will abuse the
data() accessor on a string_view assuming it is NUL terminated. A
comment is added to emphasize that the HeaderString::getStringView() is
not NUL terminated.

By eliminating this wasted byte it is more likely that a HeaderString
will fit into the existing embedded space, hopefully giving a small
performance gain and reduction in memory allocations.

Signed-off-by: Dan Noé <[email protected]>
@dnoe
Get rid of one more +1
16c6604 
Signed-off-by: Dan Noé <[email protected]>
@dnoe dnoe force-pushed the remove-headerstring-space-for-nul branch from 14cb6ca to 16c6604 Compare May 7, 2019 16:33
@dnoe
Copy link
Contributor Author

dnoe commented May 7, 2019

Sorry about the force push, somehow I screwed up my local branch trying to be smart. It should be the same two commits, so you can see the changes by looking at the second commit.

@dnoe
Copy link
Contributor Author

dnoe commented May 7, 2019

Manual inspection finds no mis-use of data() - all users are properly using data() in a context where the length is explicitly specified.

mattklein123
mattklein123 approved these changes May 7, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙏

@mattklein123 mattklein123 merged commit 977907d into envoyproxy:master May 7, 2019
@dnoe dnoe mentioned this pull request May 8, 2019
Open
htuch added a commit to htuch/envoy that referenced this pull request May 8, 2019
@htuch
Revert "Reclaim one byte from HeaderString. (envoyproxy#6826)"
74f9c69 
This is failing header_map_impl_fuzz due to memcpy heap buffer overflow and should be considered a
serious security issue. Given this was only introduced in the last day and does not affect any
release, a revert and bump is the consensus of Envoy security team.

This reverts commit 977907d.

Fixes oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14639.

Risk level: Low
Testing: Corpus entry added, bazel test //test/common/http:header_map_impl_fuzz_test --test_output=all -c dbg --config=clang-asan

Signed-off-by: Harvey Tuch <[email protected]>
htuch added a commit that referenced this pull request May 9, 2019
@htuch
Revert "Reclaim one byte from HeaderString. (#6826)" (#6864)
3c76057 
This is failing header_map_impl_fuzz due to memcpy heap buffer overflow and should be considered a
serious security issue. Given this was only introduced in the last day and does not affect any
release, a revert and bump is the consensus of Envoy security team.

This reverts commit 977907d.

Fixes oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14639.

Risk level: Low
Testing: Corpus entry added, bazel test //test/common/http:header_map_impl_fuzz_test --test_output=all -c dbg --config=clang-asan

Signed-off-by: Harvey Tuch <[email protected]>
@htuch htuch mentioned this pull request May 9, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

Assignees

@mattklein123 mattklein123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dnoe @mattklein123