Fix: Dynamic Stack Buffer Overflow #109
Conversation
• Copy Memory: Use copyMemory to transfer memory from the address to storage, ensuring no more than the allocated space is copied • Size Calculation: Ensure byteCount is calculated correctly with min(addrSize, storageSize)
chosa91
changed the title
chosa91
changed the title
|
Thanks for reporting this @chosa91 🙏🏻.
That said, I am keen to understand the best way to copy |
| @@ -180,4 +180,121 @@ final class SocketAddressTests: XCTestCase { | |||
| XCTAssertEqual($0, .unsupportedAddress) | |||
| } | |||
| } | |||
|
|
|||
| func testSockaddrInToStorageConversion() throws { | |||
There was a problem hiding this comment.
Do you think the existing tests within SocketAddressTests already cover these same things?
testAddress_DecodesIP4()testINET_ThrowsInvalidAddress_WhenFamilyIncorrect()testAddress_DecodesIP6()testINET6_ThrowsInvalidAddress_WhenFamilyIncorrect()testUnix_IsCorrectlyDecodedFromStorage()testUnix_ThrowsInvalidAddress_WhenFamilyIncorrect()
The existing makeStorage() is tested within the "decode" tests above. They are more of an encode/decode — they start with an address, call makeStorage() then convert back to the original address to assert the values are the same.
There was a problem hiding this comment.
Since they didn't run red, they should definitely be modified, if you think I'd better merge the tests. Since they run quite quickly, I thought it was no problem to validate the storage specific ones separately.
Tastes and slaps, I don't like overlapping test cases, however as our example shows, they can mask underlying-unit errors.
There was a problem hiding this comment.
Also, if we go along with the current solution, I would like to note that I have worded the tests differently, if you like, I would be happy to reword them to the existing style (with underscores).
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #109 +/- ##
==========================================
- Coverage 98.00% 97.77% -0.24%
==========================================
Files 55 55
Lines 2460 2467 +7
==========================================
+ Hits 2411 2412 +1
- Misses 49 55 +6 ☔ View full report in Codecov by Sentry. |
Sorry, I've missed this comment. It makes sense to get to the root of the problem. Feel free to use the content of my PR and close this. |
|
Thank you, I'll merge this PR then play my |
Given
FlyingFox: 0.14.0
Device: iPhone 15 iOS 17.5 (Simulator)
When
Turn on AddressSanitizer in Xcode.
Then
I've encountered a dynamic stack buffer overflow error.
Source of error:
FlyingFox/FlyingSocks/Sources/SocketAddress.swift
Lines 118 to 126 in 3d58c54
This is probably due to the program writes more data to a buffer located on the stack than it was allocated for, leading to memory corruption.
The
makeStorage()function is attempting to cast a socket address (sockaddr_in,sockaddr_in6, orsockaddr_un) to asockaddr_storageobject. The issue arises when the memory layout ofsockaddr_storagedoes not align with the original structure's layout, causing an overflow.