refactor: UBSAN build and address out of bound reads #4440

Merged
merged 8 commits into from
Mar 15, 2024
jmayclin
Contributor

Resolved issues:

Relevant to #4438

Description of changes:

This commit adds a UBSAN option to our CMake build, which can be enabled with the following.

cmake . -B build -DUBSAN=ON

This also addresses some of the out-of-bounds errors that were occurring:

/home/ec2-user/workspace/s2n-tls/tls/s2n_handshake_io.c:846:12: runtime error: index 32 out of bounds for type 'message_type_t[32]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/ec2-user/workspace/s2n-tls/tls/s2n_handshake_io.c:846:12 in 

These errors were occurring because we were iterating over a two dimensional array with a single index value. This is correct only if you know that the two dimensional array is contiguous in memory, and that it is "row"-major.

Call-outs:

This does not solve all of the UB errors that UBSAN reports.

/home/ec2-user/workspace/s2n-tls/stuffer/s2n_stuffer.c:331:36: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/ec2-user/workspace/s2n-tls/stuffer/s2n_stuffer.c:331:36 in 

I suspect that fixing this is going to break some of the cbmc/SAW stuff :(.

Once this is merged in, I plan to add a UBSAN codebuild job to prevent any regressions on this issue.

Testing:

This is currently only run locally. But while we chip away at these, it is useful to have a nice command to do it 😄

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
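The out-of-bounds report in the description above, as an added example that is not code from this pull request or from s2n-tls: a two-dimensional table walked with one flat index, next to a form that keeps each subscript inside its own dimension. The row length 32 is taken from the `message_type_t[32]` in the report; `ROWS`, `table`, `find_flat_ub`, `find_checked` and `set_cell` are hypothetical names, and the flagged variant is only compiled with `-DSHOW_UB_PATTERN` so it can be observed under `-fsanitize=undefined`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: COLS matches the 'message_type_t[32]' in the
 * UBSAN report; ROWS and all function names are hypothetical. */
typedef uint8_t message_type_t;
#define ROWS 4
#define COLS 32
static message_type_t table[ROWS][COLS];

#ifdef SHOW_UB_PATTERN
/* Flagged pattern: one flat index applied to row 0. Once flat >= COLS the
 * subscript leaves a message_type_t[32] object, which is undefined
 * behaviour even though the rows are contiguous in memory. */
int find_flat_ub(message_type_t want)
{
    for (size_t flat = 0; flat < ROWS * COLS; flat++) {
        if (table[0][flat] == want) return (int) flat;
    }
    return -1;
}
#endif

/* Defined form: derive row and column from the flat position so each
 * subscript stays inside its own dimension. */
int find_checked(message_type_t want)
{
    for (size_t flat = 0; flat < ROWS * COLS; flat++) {
        if (table[flat / COLS][flat % COLS] == want) return (int) flat;
    }
    return -1;
}

/* Bounds-checked setter used to populate the constructed table. */
int set_cell(size_t row, size_t col, message_type_t value)
{
    if (row >= ROWS || col >= COLS) return -1;
    table[row][col] = value;
    return 0;
}

int main(void)
{
    set_cell(2, 5, 7);
    printf("found at flat index %d\n", find_checked(7));
    return 0;
}
```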

This commit refactors our message type setting to avoid undefined
behavior
@github-actions github-actions bot added the s2n-core team label Feb 24, 2024
@jmayclin jmayclin marked this pull request as ready for review February 26, 2024 17:35
- remove unused compile definition in CMakeLists.txt
- add comment for test utility
@jmayclin jmayclin requested a review from goatgoose March 4, 2024 21:26
- The whole behavior around the negotiated flag was rather confusing,
  but it should no longer be used, since the connection_set_test_message
  method will not automatically choose a correct handshake type.
@jmayclin jmayclin enabled auto-merge (squash) March 14, 2024 18:10
@jmayclin jmayclin disabled auto-merge March 14, 2024 21:53
@jmayclin jmayclin enabled auto-merge (squash) March 14, 2024 23:43
@jmayclin jmayclin merged commit 50a3f78 into aws:main Mar 15, 2024
31 checks passed
@jmayclin jmayclin mentioned this pull request Aug 1, 2024