Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

asymcute: Compare request message type when matching acknowledgement #18434

Merged
merged 1 commit into from
Aug 11, 2022
Merged

asymcute: Compare request message type when matching acknowledgement #18434

merged 1 commit into from
Aug 11, 2022

Conversation

nmeum
Copy link
Member

@nmeum nmeum commented Aug 10, 2022
edited
Loading

Contribution description

Currently, asymcute matches an MQTT-SN request to its acknowledgement using only the MsgId header. However, I strongly believe this to be insufficient as asymcute would thus also match a SUBACK to a prior PUBLISH request (for example) as long as the message ID matches. If this happens (e.g. because of a malicious MQTT-SN broker) then this can trigger various bugs in asymcute, e.g. due to incorrect casts of the req->arg void* pointer. To address this issue, this commit modifies _req_preprocess to also compare the request message type in addition to the message id.

Testing procedure

I haven't tested my fix extensively yet but existing tests should continue to work. Unfortunately, it also a bit difficult to provide a simple test setup for triggering this edge case.

Issues/PRs references

None.

@nmeum
asymcute: Compare request message type when matching acknowledgement
fb660db 
Currently, asymcute only matches an MQTT-SN request to its
acknowledgement using the MsgId header. However, I strongly believe
this to be insufficient as asymcute would thus also match a SUBACK
to a prior PUBLISH message (for example) as long as the message ID
matches. To address this issue, this commit modifies _req_preprocess
to also compare the request message type in addition to the message id.
@github-actions github-actions bot added Area: network Area: Networking Area: sys Area: System labels Aug 10, 2022
@benpicco benpicco added the Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) label Aug 10, 2022
maribu
maribu approved these changes Aug 10, 2022
View reviewed changes
Copy link
Member

@maribu maribu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK. Code change looks good, reasoning makes sense, and I trust your testing.

@maribu maribu added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Aug 10, 2022
@nmeum
Copy link
Member Author

nmeum commented Aug 10, 2022

ACK. Code change looks good, reasoning makes sense, and I trust your testing.

FYI: I found this with SymEx-VP so I haven't done any tests with a particular MQTT-SN broker implementation (yet).

@maribu
Copy link
Member

maribu commented Aug 10, 2022

OK, I guess I should test it prior hitting the merge button just to be sure, then. :)

@miri64
Copy link
Member

miri64 commented Aug 10, 2022

❗ This may cause a semantic merge conflict with #18433, once that is merged: _get_len() gains another parameter, so only trust Murdock if it has successfully build both with either of one in master (and check if the master Murdock used includes the other PR).

@miri64 miri64 mentioned this pull request Aug 10, 2022
Merged
@benpicco benpicco merged commit a93ba1e into RIOT-OS:master Aug 11, 2022
@miri64 miri64 mentioned this pull request Aug 11, 2022
Merged
@miri64 miri64 added the Process: needs backport Integration Process: The PR is required to be backported to a release or feature branch label Aug 11, 2022
@miri64
Copy link
Member

miri64 commented Aug 12, 2022

@nmeum can you please provide a backport to the 2022.07 branch, e.g. by using the dist/tools/backport_pr/backport_pr.py script

@nmeum nmeum mentioned this pull request Aug 12, 2022
Merged
@maribu maribu added this to the Release 2022.10 milestone Oct 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maribu maribu maribu approved these changes

@miri64 miri64 Awaiting requested review from miri64 miri64 is a code owner

@haukepetersen haukepetersen Awaiting requested review from haukepetersen

@PeterKietzmann PeterKietzmann Awaiting requested review from PeterKietzmann PeterKietzmann is a code owner

@cgundogan cgundogan Awaiting requested review from cgundogan

Assignees
No one assigned
Labels
Area: network Area: Networking Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Process: needs backport Integration Process: The PR is required to be backported to a release or feature branch Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors)
Projects
None yet
Milestone
Release 2022.10
Development

Successfully merging this pull request may close these issues.
4 participants
@nmeum @maribu @miri64 @benpicco