Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic when adding FlowspecComponentItem with to large value #2645

Closed
aelg opened this issue Apr 12, 2023 · 2 comments
Closed

Panic when adding FlowspecComponentItem with to large value #2645

aelg opened this issue Apr 12, 2023 · 2 comments

Comments

@aelg
Copy link
Contributor

aelg commented Apr 12, 2023

gobgpd panics with the following message below, when adding a flowspec-path with a 8-octet value
ie.

api.FlowSpecComponentItem{
	Op:    0,
	Value: uint64(math.MaxUint64),
}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x100a38e20]

goroutine 88 [running]:
github.com/osrg/gobgp/v3/pkg/packet/bgp.NewFlowSpecComponent(...)
	/Users/username/3pp/gobgp/pkg/packet/bgp/bgp.go:4534
github.com/osrg/gobgp/v3/pkg/apiutil.UnmarshalFlowSpecRules({0x14000386620, 0x3, 0x100e1a1f0?})
	/Users/username/3pp/gobgp/pkg/apiutil/attribute.go:656 +0x890
github.com/osrg/gobgp/v3/pkg/apiutil.UnmarshalNLRI(0x10086, 0x14000380a80?)
	/Users/username/3pp/gobgp/pkg/apiutil/attribute.go:1506 +0x11dc
github.com/osrg/gobgp/v3/pkg/apiutil.GetNativeNlri(0x1087df000?)
	/Users/username/3pp/gobgp/pkg/apiutil/util.go:106 +0x70
github.com/osrg/gobgp/v3/pkg/server.api2Path(0x0, 0x140000fdb00, 0x0)
	/Users/username/3pp/gobgp/pkg/server/grpc_server.go:308 +0xd0
github.com/osrg/gobgp/v3/pkg/server.(*server).AddPathStream(0x1400011e8a0, {0x100e21670, 0x14000385580})
	/Users/username/3pp/gobgp/pkg/server/grpc_server.go:406 +0x1e8
github.com/osrg/gobgp/v3/api._GobgpApi_AddPathStream_Handler({0x100e06040?, 0x1400011e8a0}, {0x100e1f7b0?, 0x140003567e0})
	/Users/username/3pp/gobgp/api/gobgp_grpc.pb.go:1562 +0x9c
google.golang.org/grpc.(*Server).processStreamingRPC(0x14000150000, {0x100e22460, 0x1400012a340}, 0x1400013fe60, 0x1400011e930, 0x1013216a0, 0x0)
	/Users/username/go/pkg/mod/google.golang.org/grpc@v1.51.0/server.go:1629 +0xf54
google.golang.org/grpc.(*Server).handleStream(0x14000150000, {0x100e22460, 0x1400012a340}, 0x1400013fe60, 0x0)
	/Users/username/go/pkg/mod/google.golang.org/grpc@v1.51.0/server.go:1717 +0x804
google.golang.org/grpc.(*Server).serveStreams.func1.2()
	/Users/username/go/pkg/mod/google.golang.org/grpc@v1.51.0/server.go:965 +0x84
created by google.golang.org/grpc.(*Server).serveStreams.func1
	/Users/username/go/pkg/mod/google.golang.org/grpc@v1.51.0/server.go:963 +0x290

I believe this is caused by NewFlowSpecComponentItem(op uint8, value uint64) returning nil, when it can't calculate a valid length-op for the given value. I think the order calculation is wrong.

order = func() uint32 {
		for i := 0; i < 3; i++ {
			if v.Value < (1 << ((1 << uint(i)) * 8)) {
				return uint32(i)
			}
		}
		// return invalid order
		return 4
	}()

The for loop never reaches order 3, but I also think there is an overflow error (1<<64) doesn't fit in uint64
@fujita
Copy link
Member

fujita commented Apr 12, 2023

Thanks, can you send a pull request to fix this bug?

aelg added a commit to aelg/gobgp that referenced this issue May 11, 2023
@aelg
fixes osrg#2645 Panic when adding FlowspecComponentItem with to large…
6c0d368 
… value
@aelg aelg mentioned this issue May 11, 2023
Closed
@aelg
Copy link
Contributor Author

aelg commented May 11, 2023

@fujita sorry got a bit delayed, but I did finally submit a PR just now.

@fujita fujita closed this as completed in 9c969eb May 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fujita @aelg