-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[posix] fix the snprintf buffer overflow issue #9251
Conversation
Based on the description of the function [snprintf](https://linux.die.net/man/3/vsnprintf), the return value of size or more means that the output was truncated. If the return value is larger than the buffer size and the code access the buffer using the return value as the buffer length, it causes the buffer overflow.
Size Report of OpenThread
|
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #9251 +/- ##
==========================================
+ Coverage 82.55% 83.49% +0.94%
==========================================
Files 553 529 -24
Lines 74922 70212 -4710
==========================================
- Hits 61849 58623 -3226
+ Misses 13073 11589 -1484
|
@@ -74,15 +74,21 @@ void GetFilename(Filename &aFilename, const char *aPattern) | |||
|
|||
int Daemon::OutputFormatV(const char *aFormat, va_list aArguments) | |||
{ | |||
char buf[OPENTHREAD_CONFIG_CLI_MAX_LINE_LENGTH + 1]; | |||
static constexpr char truncatedMsg[] = "(truncated ...)"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if this is necessary. I don't see this design in syslog's RFC. https://www.rfc-editor.org/rfc/rfc5424.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding a notification message to the end of the output message helps users know what happens to the output message in the ot-ctl
.
affc52e
to
4d13455
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks. 👍
Merge in WMN_STACKS/openthread from task/openthread/update-openthread-stack to develop/23q2 * commit 'ff0f00b6f4220bfc319648e48ee723119e24d1c3': (31 commits) [mesh-forwarder] add time-in-queue statistics collection feature (openthread#9170) [net-diag] define Child, Neighbor, and Child IPv6 Address List TLVs (openthread#8866) github-actions: bump github/codeql-action from 2.3.5 to 2.20.3 (openthread#9265) [time] update DistantFuture/Past() to exclude value half range apart (openthread#9263) [commissioner] simplify and fix scheduling of expiration timer (openthread#9262) [test] fix unused returned value warning in `test_hdlc` (openthread#9256) Bump grpcio from 1.20.1 to 1.53.0 in /tools/harness-simulation/harness (openthread#9257) [cli] fix `childsupervision` commands documentation (openthread#9201) [posix] fix the snprintf buffer overflow issue (openthread#9251) [mac] remove duplicated method for getting the MAC frame length (openthread#9254) [spinel] return error from `SaveFrame` if not enough space is available (openthread#9244) github-actions: bump actions/setup-python from 4.6.0 to 4.6.1 (openthread#9252) [routing-manager] `PdPrefixManager` to clear prefix bits when extending length (openthread#9249) [ncp] keep timeout zero during ramp-down in spinel `ADDRESS_CACHE_TABLE` (openthread#9247) [csl] add APIs to retrieve status (openthread#8793) [address-resolver] implement ramp-down mechanism for retry delay (openthread#9162) [routing-manager] determine route preference from parent link quality (openthread#9080) [mesh-forwarder] only mark Key ID Mode 0 and 1 as secure [posix] fix missing `nullptr` pointer check (openthread#9179) [examples] remove example platform redirects (openthread#9246) ...
…e3ff2-> e6df00d Merge in WMN_STACKS/openthread from task/openthread/update-openthread-commit to develop/23q4 * commit 'f534edb76e71a7d3b9f08beaa1c97050eeaf215f': (118 commits) OPENTHREAD-3388: Add iid-list option to radio_url. [mesh-forwarder] add time-in-queue statistics collection feature (openthread#9170) [net-diag] define Child, Neighbor, and Child IPv6 Address List TLVs (openthread#8866) github-actions: bump github/codeql-action from 2.3.5 to 2.20.3 (openthread#9265) [time] update DistantFuture/Past() to exclude value half range apart (openthread#9263) [commissioner] simplify and fix scheduling of expiration timer (openthread#9262) [test] fix unused returned value warning in `test_hdlc` (openthread#9256) Bump grpcio from 1.20.1 to 1.53.0 in /tools/harness-simulation/harness (openthread#9257) [cli] fix `childsupervision` commands documentation (openthread#9201) [posix] fix the snprintf buffer overflow issue (openthread#9251) [mac] remove duplicated method for getting the MAC frame length (openthread#9254) [spinel] return error from `SaveFrame` if not enough space is available (openthread#9244) github-actions: bump actions/setup-python from 4.6.0 to 4.6.1 (openthread#9252) [routing-manager] `PdPrefixManager` to clear prefix bits when extending length (openthread#9249) [ncp] keep timeout zero during ramp-down in spinel `ADDRESS_CACHE_TABLE` (openthread#9247) [csl] add APIs to retrieve status (openthread#8793) [address-resolver] implement ramp-down mechanism for retry delay (openthread#9162) [routing-manager] determine route preference from parent link quality (openthread#9080) [mesh-forwarder] only mark Key ID Mode 0 and 1 as secure [posix] fix missing `nullptr` pointer check (openthread#9179) ...
* upstream/main: [test] fix unused returned `error` warning in `test_message` (openthread#9496) [mesh-forwarder] remove message if no pending tx in `SendMessage()` (openthread#9495) [crypto-platform] fix build issue with mbedtls v3.5.0 (openthread#9492) [mle-router] add `RouterRoleTransition` nested class (openthread#9490) [routing-manager] include Stub Router flag in emitted RAs by BR (openthread#9486) [ip6] drop UDP datagrams from an untrusted origin to TMF port (openthread#9437) [mle] handle received Advertisements from `RxOnlyNeighbor` on FED (openthread#9484) [docs] fix typos in Doxygen documentation (openthread#9485) [mle] send data polls after Child ID Request ack (openthread#9264) [mle] simplify reattach on losing connectivity to leader (openthread#9479) [backbone-router] use `TimeTicker` directly to delay registration (openthread#9483) [bbr-local] simplify `AddService()` and its use (openthread#9477) [github-actions] fix the `codespell` version in `spell-check` job (openthread#9482) github-actions: bump actions/checkout from 4.0.0 to 4.1.0 (openthread#9476) [routing-manager] new config to use heap for `PrefixTable` entries (openthread#9455) [docs] Doxygen tags for CLI commands [`neighbor linkquality` — `networkidtimeout`] (openthread#9466) [nd6] add `RaFlagsExtOption` and track flags in received RAs (openthread#9448) [mle] simplify `ProcessRouteTlv()` call in `HandleAdvertisement()` (openthread#9465) [joiner] check for non-zero joiner UDP port before electing a joiner router (openthread#9445) [posix] address coverity warning: argument cannot be negative (openthread#9453) [ip6] update where `HandlePayload()` check `message` is not null (openthread#9462) [script] exclude `ot_testing` and `__pycache__` when building the OTBR docker (openthread#9457) [docs] adding Doxygen tags for CLIs `mac retries direct` - `mac send` (openthread#9451) [docs] add Doxygen tags for CLI commands (`macfilter rss add` - `macfilter rss remove`) (openthread#9442) [address-resolver] set minimum `kMaxNonEvictableSnoopedEntries` to `1` (openthread#9460) github-actions: bump github/codeql-action from 2.21.4 to 2.21.8 (openthread#9459) Revert "[nat64] enable discovering NAT64 AIL prefix for OpenWRT (openthread#9441)" (openthread#9458) [spinel] reset mState to kStateDisabled if recovering from kStateDisaled (openthread#9450) [tmf] set default snoop cache entry count to 1/16 of total (openthread#9440) [nat64] enable discovering NAT64 AIL prefix for OpenWRT (openthread#9441) [docs] add Doxygen tags for CLI commands (`macfilter` - `macfilter addr`) (openthread#9424) [border-agent] simplify `ForwardContext` allocation and ownership (openthread#9444) [posix] update the default channel masks in the configuration file (openthread#9443) [tcp] address uninitialized variable warning (openthread#9438) [cli] fix `ba state` output and conversion of state to string (openthread#9433) [border-agent] smaller enhancements (openthread#9432) github-actions: bump actions/checkout from 3.6.0 to 4.0.0 (openthread#9429) [spinel] save MAC frame counter to a local variable (openthread#9407) [posix] add channel mask configurations to configuration file (openthread#9391) [firewall] implement packet filtering in OT core (openthread#9402) [netdata] remove unallocated router ID entries on recovery after reset (openthread#9421) [posix] add a flag to turn posix multicast routing feature on/off (openthread#9412) [docs] add Doxygen tags for CLI commands (`tvcheck` - `unsecure`) (openthread#9419) [url] add methods to parse parameters from url (openthread#9392) [mac] fix channel switching issue during energy scan (openthread#9405) [address-resolver] remove cache entry if its RLOC16 is unreachable (openthread#9411) [include] remove include of core config file (openthread#9417) [csl] ignore zero valued CSL IE period (openthread#9414) [mac] document and adjust to standards based timing concepts (openthread#9322) github-actions: bump actions/setup-go from 4.0.1 to 4.1.0 (openthread#9413) [mle] suppress Announce response to orphan child on same channel and PAN ID (openthread#9388) [cli] add Doxygen tags to all `trel` commands (openthread#9406) [docs] CLI updates (openthread#9401) [srp-server] process completed update from proxy from taskelt (openthread#9398) [script] `check-size` to generate formatted table on push (openthread#9382) [data-poll-handler] reset tx attempts when replacing a frame (openthread#9397) github-actions: bump actions/checkout from 3.5.3 to 3.6.0 (openthread#9396) [link-metrics] implement link metrics manager (openthread#9375) [docs] added Doxygen tags to new CLIs (openthread#9384) [mle] add `OPENTHREAD_CONFIG_MLE_DEVICE_PROPERTY_LEADER_WEIGHT_ENABLE` (openthread#9387) [cli] fix RTT compiling issue (openthread#9385) [meshcop] print TLV State after receiving responses (openthread#9350) [core] add separate `neighbor.hpp`, `child.hpp`, and `router.hpp` (openthread#9376) [mesh-forwarder] update `aIp6Header` arg name to follow style guide (openthread#9378) github-actions: bump github/codeql-action from 2.20.3 to 2.21.4 (openthread#9377) [docs] add tags to new CLIs (openthread#9367) [script] update the `check-size` report (openthread#9368) [trel] bugfix for MAC security failure on key sequence change (openthread#9371) [cli] simplify `dataset` commands (openthread#9366) [docs] cli cmd doc updates (locate - log level) (openthread#9354) [tcplp] add support for TCP Fast Open (without cookie management) (openthread#9165) github-actions: bump step-security/harden-runner from 2.5.0 to 2.5.1 (openthread#9365) [mesh-forwarder] minimize use of default parameters in methods (openthread#9364) [posix] allow disabling CLI for daemon (openthread#9357) [dnssd-server] simplify resolving of query by proxy (openthread#9353) [dnssd-server] determine query type & simplify processing of query name (openthread#9349) [mac-frame] update `GenerateEnhAck()` to use `InitMacHeader()` (openthread#9338) [mle] reorganize MLE constants (openthread#9355) github-actions: bump actions/setup-python from 4.6.1 to 4.7.0 (openthread#9356) [mac-frame] update `InitMacFrame()` (openthread#9337) [cli] support RTT as cli interface (openthread#9148) [docs] added Doxygen tags to 4 CLIs (openthread#9352) [link-metrics] update link metrics callback parameter (openthread#9343) github-actions: bump docker/setup-buildx-action from 2.5.0 to 2.9.1 (openthread#9344) [posix] fix rcp reset flow in `ResetRcp` (openthread#9314) [mesh-forwarder] disallow new message eviction in `ApplyDirectTxQueueLimit()` (openthread#9348) [dns-client] handle multiple CNAME record in response (openthread#9339) [netdata] fix the source address check in `LeaderBase::RouteLookup()` (openthread#9335) [dnssd-server] simplifications and enhancements (openthread#9334) [dnssd-server] send response if `ResolveByUpstream()` fails (openthread#9331) [clang-tidy] fix `bugprone-too-small-loop-variable` warnings (openthread#9321) [spinel] networkInfo may not exist when recovering from RCP failure (openthread#9327) [mle] reorder `Mle` class member variables (openthread#9320) [thci] fix for ncs thci issues (openthread#9328) [docs] fix some typos (openthread#9324) github-actions: bump step-security/harden-runner from 2.4.1 to 2.5.0 (openthread#9325) [mle] change `protected` declarations as `private (openthread#9317) [mac-frame] check rx frame security level in `GenerateEnhAck()` (openthread#9315) [mle] update Avd trickle timer interval based on router neighbor count (openthread#9307) [link-metrics] verify neighbor state when processing messages (openthread#9311) [routing-manager] add `SetIfIndex` in `RoutingManager` (openthread#9305) [clang-tidy] move config to `.clang-tidy` file (openthread#9308) github-actions: bump step-security/harden-runner from 2.3.1 to 2.4.1 (openthread#9310) [srp-server] ensure `Host` is freed when committing with zero key-lease (openthread#9309) [cli] add docs for `detach` command (openthread#9303) [config] define separate project and platform core config header (openthread#9291) [mle] define separate `TxChallenge` and `RxChallenge` types (openthread#9304) [csl] update CSL public APIs to use microseconds unit for period (openthread#9285) [srp-server] simplify tracking of host key (openthread#9296) [srp-server] simplify `RemoveHost()` method (openthread#9295) [posix] loose check for NETLINK_EXT_ACK and NETLINK_CAP_ACK (openthread#9299) [posix] fix name of vendor-supplied target to `OT_POSIX_CONFIG_RCP_VENDOR_INTERFACE` (openthread#9297) [posix] replace RCP vendor extension find package with include command (openthread#9241) [random] remove mbedtls header from api (openthread#9286) [mle] simplify `HandleChildIdRequest()` (openthread#9292) [link-metrics] minimize the Link Metrics entry count for MTD (openthread#9188) [cmake] add macros to simplify CMake config definition (openthread#9288) [dnssd-server] skip additional records on a PTR query with multiple answers (openthread#9281) [posix] fix logging of netlink errors (openthread#9287) github-actions: bump docker/login-action from 2.1.0 to 2.2.0 (openthread#9289) [routing-manager] support Advertising PIO (AP) flag in published route (openthread#9274) [toranj] remove docs from test specific config headers (openthread#9276) [github-action] install `[email protected]` in `pretty` job (openthread#9279) [routing-manager] add `SetState()` in `OnLinkPrefixManager` (openthread#9273) [border-agent] fix struct typedef for `otBorderAgentId` (openthread#9277) [spinel] fix error code when waiting rcp response timeout (openthread#9278) [srp-server] simplify sub-type services (openthread#9208) [mle] ensure key sequence is updated in MLE responses (openthread#9271) [mesh-forwarder] add time-in-queue statistics collection feature (openthread#9170) [net-diag] define Child, Neighbor, and Child IPv6 Address List TLVs (openthread#8866) github-actions: bump github/codeql-action from 2.3.5 to 2.20.3 (openthread#9265) [time] update DistantFuture/Past() to exclude value half range apart (openthread#9263) [commissioner] simplify and fix scheduling of expiration timer (openthread#9262) [test] fix unused returned value warning in `test_hdlc` (openthread#9256) Bump grpcio from 1.20.1 to 1.53.0 in /tools/harness-simulation/harness (openthread#9257) [cli] fix `childsupervision` commands documentation (openthread#9201) [posix] fix the snprintf buffer overflow issue (openthread#9251) [mac] remove duplicated method for getting the MAC frame length (openthread#9254) [spinel] return error from `SaveFrame` if not enough space is available (openthread#9244) github-actions: bump actions/setup-python from 4.6.0 to 4.6.1 (openthread#9252) [routing-manager] `PdPrefixManager` to clear prefix bits when extending length (openthread#9249) [ncp] keep timeout zero during ramp-down in spinel `ADDRESS_CACHE_TABLE` (openthread#9247) [csl] add APIs to retrieve status (openthread#8793) [address-resolver] implement ramp-down mechanism for retry delay (openthread#9162) [routing-manager] determine route preference from parent link quality (openthread#9080) [mesh-forwarder] only mark Key ID Mode 0 and 1 as secure [posix] fix missing `nullptr` pointer check (openthread#9179) [examples] remove example platform redirects (openthread#9246) [build] cleanup autotools references (openthread#9242) [mac] move ack processing to `HandleTransmitDone()` (openthread#9245) [mle] delay router role downgrade on security policy change (openthread#9187) [dataset] add build option for `GenerateLocal` (openthread#9215) [dns] add `otDnsEncodeTxtData()` API (openthread#9214) [meshcop] fix compilation error mbedtls_base64_encode not defined (openthread#9206) [message] allow heap usage when using non-thread commissioning (openthread#9205) [build] remove autotools (openthread#9027) [message] remove child mask from message metadata in MTD (openthread#9213) [tmf] BRs default to 256 address cache entries (openthread#9078) [logging] fix print format related to infra netif logs (openthread#9212) [tests] properly configure operational dataset in BR tests (openthread#9209) [netdata] mechanism to detect & signal when network data gets full (openthread#9073) [toranj-cli] properly configure operational dataset (openthread#9207) [unit-test] properly configure operational dataset (openthread#9203) [srp-server] allow service instance label with dot character (openthread#9198) github-actions: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (openthread#9204) [script] properly configure dataset in `check-posix-pty` (openthread#9202) [test] update unit test emulating radio (openthread#9200) [docs] add radio defgroup for proper documentation (openthread#9195) [csl] ensure child is synchronized when preparing a CSL transmission (openthread#9199) [otci] properly configure operational dataset (openthread#9190) [thread-cert] properly configure operational dataset (openthread#9189) [posix] add posix support for sending RA messages to routing manager (openthread#9160) [cli] expose `otLinkSetEnabled` (openthread#9193) github-actions: bump actions/checkout from 3.5.2 to 3.5.3 (openthread#9192) [expect] properly configure operational dataset (openthread#9183) [thci] revert spellcheck in THCI method names (openthread#9175) [coap] fix minor typo (openthread#9180) [netif] simplify signaling address events (openthread#9173) [mac] enable/disable radio together with MAC (openthread#9156) [cli] add command to get tcp results (openthread#9142) [radio] add radio statistics of tx/rx/sleep cycle (openthread#9071) [routing-manager] remove unnecessary `kOnMeshPrefixLength` decl (openthread#9176) [spinel] move `SpiFrame` implementation to spi_frame.hpp (openthread#9151) [cli] update `OutputEidCacheEntry()` (openthread#9171) [mesh-diag] fix initializing of `mEndOffset` in `ChildIterator` (openthread#9172) [routing-manager] require valid on-link prefix to be /64 (openthread#9167) [config] add `mesh_forwarder.h` config header file (openthread#9164) github-actions: bump codecov/codecov-action from 3.1.3 to 3.1.4 (openthread#9166) [spinel] move the `MultiFrameBuffer` implementation to multi_frame_buffer.hpp (openthread#9150) [mle] send unicast Link Request to 1.2 parent on router role promo (openthread#9154) [docs] cli cmd doc updates (mliid - multiradio neighbor) (openthread#9155) [toranj] update `build.sh` script to use Thread version 1.3.1 (openthread#9159) [csl] improved CSL debug logging (openthread#9040) [mle] restrict `otDeviceProperties` to version 1.3.1 or later (openthread#9157) [spinel] remove fetching the ncp dataset (openthread#9140) [cmake] fix OT_THREAD_VERSION comparison in CMake (openthread#9158) [bbr] simplify `DomainPrefixEvent` (openthread#9152) [routing-manager] initial PD support with platform generated RA (openthread#9050) [tlvs] new helper to find the start and end offsets of a TLV value (openthread#9144) [spinel] fix the non-virtual destructor error (openthread#9139) [posix] replace fd_sets with the mainloop context (openthread#9127) [logging] fix rtt logging not using defined buffer index (openthread#9133) [netif] use fix type to u8 for addr_gen_mode (openthread#9147) [mlr] use `Array<>` to track old registered MLR addresses (openthread#9134) [cli] add helper `ProcessEnableDisable()` methods (openthread#9138) [mle] simplify tracking of registered DUA address by child (openthread#9137) [posix] unify the spinel interface functions (openthread#9107) github-actions: bump actions/checkout from 3.3.0 to 3.5.2 (openthread#9132) [bbr] move BBR constants to related source files (openthread#9129) [cli] add CLI Backbone Router (`Bbr`) sub-module (openthread#9128) [sntp-client] smaller enhancements (openthread#9125) [github-actions] update ubuntu to 22.04 on `ot-commissioner` test (openthread#9130) [toranj] update `build.sh` script to use CMake for all builds (openthread#9115) [routing-manager] fix deprecating on-link prefix from inactive router (openthread#9121) [backbone-router] use `Clamp` to check MLR timeout value (openthread#9119) [core] use `Min()`, `Max()` to clip values (openthread#9117) [build] delete the removed child supervision config in `cmake-build` (openthread#9111) [posix] add unified platform API for setting NAT64 CIDR during runtime (openthread#8947) [link-quality] fix corner case of `ScaleRawValueToRssi` (openthread#9102) [posix] fix setting non-standard baudrate on mac (openthread#9090) [routing-manager] update logs (openthread#9095) [random] add `Fill<ObjectType>()` function (openthread#9097) [csl] fix 15.4-secured broadcast frames (openthread#9103) [posix] add Thread network default interface name configuration (openthread#9089) github-actions: bump github/codeql-action from 2.3.3 to 2.3.5 (openthread#9100) [radio] fix return code doc of link metrics api (openthread#9098) [docs] remove redundant "This method" and "This function" (openthread#9096) [cli] update documentation of `Process()` method in CLI sub-modules (openthread#9093) [cli] add CLI `MacFilter` sub-module (openthread#9088) [cli] add helper `OutputNat64Counters()` (openthread#9087) [tests] check whether the unreachable address is included in the DNS-SD response (openthread#9075) [uptime] requires UPTIME feature to be enabled on FTD build (openthread#9079) [alarm] `otPlatAlarm` requirements clarification (openthread#9067) [test] add code spell check and correct wrong spelling (openthread#9066) github-actions: bump actions/setup-go from 4.0.0 to 4.0.1 (openthread#9076) [notifier] add missing event in `EventToString()` (openthread#9072) [cli] add CLI DNS sub-module (openthread#9069) [core] add the instance id (openthread#9055) [cli] fix config check for "vendor" command (openthread#9068) [ncp] fix RegisterPeekPokeDelegates call (openthread#9064) [border-agent] set Border Agent ID via CLI (openthread#9049) [dns-client] new API resolve host and address (openthread#9054) [routing-manager] add `OmrPrefixManager` (openthread#9062) [csl] split min receive window into MHR ahead and after times (openthread#9041) [ip6] add `Tidy` method to `Ip6::Prefix` (openthread#9057) [cli] support adding vendor command list to cli apps (openthread#9001) [radio-spinel] add log on RCP timeout error during init (openthread#9059) [mle] echo back "Supervision TLV" in Child ID Response (openthread#9061) [tests] fix `routing_manager` unit tests (openthread#9053) [nat64] check OMR prefix when selecting favored NAT64 prefix (openthread#8995) github-actions: bump github/codeql-action from 2.2.12 to 2.3.3 (openthread#9051) Change-Id: Ib37b5a0813cc447220c822928d6a88ce8f435249
Based on the description of the function snprintf, the return value of size or more means that the output was truncated. If the return value is larger than the buffer size and the code access the buffer using the return value as the buffer length, it causes the buffer overflow.