From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/12861
Path: news.gmane.org!.POSTED!not-for-mail
From: Timo Teras <timo.teras@iki.fi>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Endless loop in netlink_msg_to_ifaddr
Date: Wed, 30 May 2018 15:45:29 +0300
Message-ID: <20180530154529.0bf8f46b@vostro>
References: <CAHMF36G5xM=M7RqpmrixA32rB+G3a4L6Vem1Lh2Wp4hKMEoKpw@mail.gmail.com>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Trace: blaine.gmane.org 1527684220 22412 195.159.176.226 (30 May 2018 12:43:40 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Wed, 30 May 2018 12:43:40 +0000 (UTC)
Cc: musl@lists.openwall.com
To: Matej Kupljen <matej.kupljen@gmail.com>
Original-X-From: musl-return-12877-gllmg-musl=m.gmane.org@lists.openwall.com Wed May 30 14:43:36 2018
Return-path: <musl-return-12877-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.84_2)
	(envelope-from <musl-return-12877-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1fO0Ry-0005iD-KH
	for gllmg-musl@m.gmane.org; Wed, 30 May 2018 14:43:34 +0200
Original-Received: (qmail 30505 invoked by uid 550); 30 May 2018 12:45:43 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 30466 invoked from network); 30 May 2018 12:45:42 -0000
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=nZSeNWoPQldHH8IpoLfg3X3c8dw07NJtNBFi2hn5YG8=;
        b=HGRzOhkaAMHR87ue8fLY0VhVAGiIKkEi7Pp7TDCLknxEyLnwqBBVPTm+/ltTuzz4NO
         0G37Hnq0/UBwn/Y7O9eRmAXFwshM9tiP/b+Y1+fRJvm/kevngiCc8NhtFjacWI5R3d6C
         I87TDdouWTmxBtFcbiii2w8PxHcyS1Y30MrvN9v8jZZcp1v8a+iohvMe+QfujMfeocYz
         ZsZclZ+yOZP17pk9+vNO1T0DB2itp35WSgkWib1OCSDOvelDgiuJTYtz/Yg6b+UqbJBE
         f2YBultJgMosvkMlu8MgJtAAhr+ug8jPod/Aqaq7JZ63jiBgvEo2ry66E7YOdRbpRiu6
         xdpQ==
X-Gm-Message-State: APt69E0yNmpINgGVUZkR3fiw4Ese/+7EdSr5OF1ll59k6Qqb2aFKSBW/
	OXh7tk2f1LIZWCNleU//aEY=
X-Google-Smtp-Source: ADUXVKJfHemGyDO97pDtI0A0pltHur7v7DqqSfbEoMAUvqfTTEb2DjxgYv8rsa6icoDUNogEvJDZVw==
X-Received: by 2002:ac8:190c:: with SMTP id t12-v6mr2391201qtj.278.1527684331083;
        Wed, 30 May 2018 05:45:31 -0700 (PDT)
In-Reply-To: <CAHMF36G5xM=M7RqpmrixA32rB+G3a4L6Vem1Lh2Wp4hKMEoKpw@mail.gmail.com>
X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-alpine-linux-musl)
Xref: news.gmane.org gmane.linux.lib.musl.general:12861
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/12861>

On Wed, 30 May 2018 11:57:03 +0200
Matej Kupljen <matej.kupljen@gmail.com> wrote:

> I am using OpenWRT device with MUSL C library version 1.1.19 and I am
> running custom binary on it. I noticed that during testing my program
> started using 99% CPU.
> I build OpenWRT myself so I have all the sources. I attached the
> gdbserver and checked what is going on.

Thanks for the report!

> As you can see the first message in netlink reply has a rta_len set
> to zero so the list is never traversed, only the first message is
> received every time.
> 
> I am not sure if this is the correct response from netlink, however
> the program is stucked here.
>
> Any ideas?
> Please CC me in reply.

That is invalid message to my understanding. Perhaps there's some new
extensions that allow it. Upstream (linux kernel) RTA_OK does do
additional checks against this situation.

The same issue probably affects if_nameindex.

I think the following should fix it:

diff --git a/src/network/netlink.h b/src/network/netlink.h
index 20700ac5..00dc7172 100644
--- a/src/network/netlink.h
+++ b/src/network/netlink.h
@@ -80,13 +80,13 @@ struct ifaddrmsg {
 #define NLMSG_DATALEN(nlh)	((nlh)->nlmsg_len-sizeof(struct nlmsghdr))
 #define NLMSG_DATAEND(nlh)	((char*)(nlh)+(nlh)->nlmsg_len)
 #define NLMSG_NEXT(nlh)		(struct nlmsghdr*)((char*)(nlh)+NETLINK_ALIGN((nlh)->nlmsg_len))
-#define NLMSG_OK(nlh,end)	((char*)(end)-(char*)(nlh) >= sizeof(struct nlmsghdr))
+#define NLMSG_OK(nlh,end)	((char*)(end)-(char*)(nlh) >= sizeof(struct nlmsghdr) && (nlh)->nlmsg_len >= sizeof(struct nlmsghdr))
 
 #define RTA_DATA(rta)		((void*)((char*)(rta)+sizeof(struct rtattr)))
 #define RTA_DATALEN(rta)	((rta)->rta_len-sizeof(struct rtattr))
 #define RTA_DATAEND(rta)	((char*)(rta)+(rta)->rta_len)
 #define RTA_NEXT(rta)		(struct rtattr*)((char*)(rta)+NETLINK_ALIGN((rta)->rta_len))
-#define RTA_OK(nlh,end)		((char*)(end)-(char*)(rta) >= sizeof(struct rtattr))
+#define RTA_OK(rta,end)		((char*)(end)-(char*)(rta) >= sizeof(struct rtattr) && (rta)->rta_len >= sizeof(struct rtattr))
 
 #define NLMSG_RTA(nlh,len)	((void*)((char*)(nlh)+sizeof(struct nlmsghdr)+NETLINK_ALIGN(len)))
 #define NLMSG_RTAOK(rta,nlh)	RTA_OK(rta,NLMSG_DATAEND(nlh))


Could you try if this fixes it?

You will probably need to 'make clean' or at least force recompilation
of src/network/{getifaddrs,if_nameindex,netlink}.c as the netlink.h
dependency is not picked up by the makefile automatically.

@dalias, if the above looks good to you, I am happy to submit properly
formatted git patch for it.

Thanks,
Timo