gnrc_tftp: initialize unititialized 'tftp_context_t'

[miri64]

Contribution description

Fixes #11772.

Testing procedure

Follow procedure in #11772. It should succeed and also not run into a failed assertion. Also try the instruction in example/gnrc_tftp's README.

Issues/PRs references

Addresses #11772.

[miri64]

I'm not 100% sure about this one. There are also other sets of this variable below... However, I observed gnrc_udp_hdr_build() getting dst_port 0 with the fix above.

[miri64]

I pushed a fixup that I think is more correct.

[MrKevinWeiss]

For the testing procedure I needed to run the following echo AAMAAGZvb2Jhcg== | base64 -d | nc -6 -u 'fe80::680d:c6ff:fed2:1f3a%tapbr0' 69
I was able to fail it on master and this PR does fix it.

It looks good generally. Please squash.

[miri64]

I'm not sure this should be SRC_PORT... I'd like to do some personal testing for the "normal" operation first.

[MrKevinWeiss]

Please let me how to confirm then in the test procedure (or ping someone more knowledgeable).

[miri64]

Since the contributor that provided this is not active anymore, I'd say follow the README. Maybe also @bergzand has some input.

[bergzand]

Assuming my understanding of the protocol and the implementation here is sufficient, this .src_port is the UDP port used as source by RIOT and used as destination by the peer. Both should be ephermal ports specific for this connection.

Does it make sense to default it to something invalid/unconfigured? (Do we have something like that in gnrc?)

[miri64]

Assuming my understanding of the protocol and the implementation here is sufficient, this .src_port is the UDP port used as source by RIOT and used as destination by the peer. Both should be ephermal ports specific for this connection.

We are in server context here, so src_port should at least be GNRC_TFTP_DEFAULT_DST_PORT (which is the default TFTP port). Ephemeral ports in GNRC are part of the gnrc_sock implementation, which this implementation does not use :-/

Does it make sense to default it to something invalid/unconfigured? (Do we have something like that in gnrc?)

If I leave it unconfigured, the testing procedure in #11772 runs into an assertion here

RIOT/sys/net/gnrc/transport_layer/udp/gnrc_udp.c

Lines 283 to 286 in a01e70a

	gnrc_pktsnip_t *gnrc_udp_hdr_build(gnrc_pktsnip_t *payload, uint16_t src,
	uint16_t dst)
	{
	assert((src > 0) && (dst > 0));

from the call here

RIOT/sys/net/gnrc/application_layer/tftp/gnrc_tftp.c

Lines 967 to 969 in a01e70a

	src_port.u16 = ctxt->src_port;
	dst_port.u16 = ctxt->dst_port;
	udp = gnrc_udp_hdr_build(buf, src_port.u16, dst_port.u16);

This is the only application protocol purely based on GNRC (and as soon as we have async sock, I prefer to have it ported to sock_udp, but first we need to fix the bug ;-)).

[nmeum]

If I leave it unconfigured, the testing procedure in #11772 runs into an assertion here […]

You did leave it (dst_port) unconfigered in the merged version of your PR, right? Because doesn't this allow someone to crash a RIOT node running gnrc_tftp compiled with DEVELHELP = 1 by sending a crafted input?

[miri64]

Arghs, this must have gotten lost, when I squashed :(

[miri64]

Wait no, right. I moved the initialization to 2fce095, as _tftp_state_processes relied on certain configurations of ctxt->dst_port I was unsure about. I tested it with your crafted input, and it did not crash (the server was not responding anymore, because a legal input changed its port...., see #11778).

[nmeum]

I tested it with your crafted input, and it did not crash

My previous test input gets rejected due to the blocknum contained in it. If you compile with ENABLE_DEBUG you get (among other things):

tftp: not the packet we were waiting for, expected 1, received 0

If you change the blocknum in the test input gnrc_tftp crashes:

echo AAMAAWZvb2Jhcg | base64 -d | nc -u '[ip-address%tap0]' 69

Can you reproduces this or am I simply doing something wrong?

[miri64]

Yepp... Why did I touch this module -.- It's good that I deprecated it.

[miri64]

I just noticed, that the server does not response ever since the shift to gnrc_netif (same old problem: link-local address without a given interface). I'll try and see if I can at least fix it for the server (the client would require an API change).

[miri64]

I can at least be sure with the latest squash, that the assertion I ran into is avoided.

[miri64]

Ok. I added a fix for the link-local address problem I mentioned before, but now I see, that with the fix I can still cause the server to switch source port when I send @nmeum's test message :-/....

[miri64]

Ok. It is not the test message causing the port to switch, but the normal message. I'm for merging these fixes soonish and then deprecating the module, as it is obviously flawed and unused.

[MrKevinWeiss]

I retested. The fix still works. The docs make sense to me. Since this module will be deprecated soon anyways I think it will it would be good to have the fix in.

ACK.