Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

asymcute: Compare request message type when matching acknowledgement #18434

Merged
merged 1 commit into from
Aug 11, 2022
Merged

asymcute: Compare request message type when matching acknowledgement #18434

merged 1 commit into from
Aug 11, 2022

Conversation

nmeum
Copy link
Member

@nmeum nmeum commented Aug 10, 2022
edited
Loading

Contribution description

Currently, asymcute matches an MQTT-SN request to its acknowledgement using only the MsgId header. However, I strongly believe this to be insufficient as asymcute would thus also match a SUBACK to a prior PUBLISH request (for example) as long as the message ID matches. If this happens (e.g. because of a malicious MQTT-SN broker) then this can trigger various bugs in asymcute, e.g. due to incorrect casts of the req->arg void* pointer. To address this issue, this commit modifies _req_preprocess to also compare the request message type in addition to the message id.

Testing procedure

I haven't tested my fix extensively yet but existing tests should continue to work. Unfortunately, it also a bit difficult to provide a simple test setup for triggering this edge case.

Issues/PRs references

None.

@nmeum
asymcute: Compare request message type when matching acknowledgement
fb660db 
Currently, asymcute only matches an MQTT-SN request to its
acknowledgement using the MsgId header. However, I strongly believe
this to be insufficient as asymcute would thus also match a SUBACK
to a prior PUBLISH message (for example) as long as the message ID
matches. To address this issue, this commit modifies _req_preprocess
to also compare the request message type in addition to the message id.
@github-actions github-actions bot added Area: network Area: Networking Area: sys Area: System labels Aug 10, 2022
@benpicco benpicco added the Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) label Aug 10, 2022
maribu
maribu approved these changes Aug 10, 2022
View reviewed changes
Copy link
Member

@maribu maribu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK. Code change looks good, reasoning makes sense, and I trust your testing.

@maribu maribu added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Aug 10, 2022
@nmeum
Copy link
Member Author

nmeum commented Aug 10, 2022

ACK. Code change looks good, reasoning makes sense, and I trust your testing.

FYI: I found this with SymEx-VP so I haven't done any tests with a particular MQTT-SN broker implementation (yet).

@maribu
Copy link
Member

maribu commented Aug 10, 2022

OK, I guess I should test it prior hitting the merge button just to be sure, then. :)

@miri64
Copy link
Member

miri64 commented Aug 10, 2022

❗ This may cause a semantic merge conflict with #18433, once that is merged: _get_len() gains another parameter, so only trust Murdock if it has successfully build both with either of one in master (and check if the master Murdock used includes the other PR).

@miri64 miri64 mentioned this pull request Aug 10, 2022
Merged
@benpicco benpicco merged commit a93ba1e into RIOT-OS:master Aug 11, 2022
@miri64 miri64 mentioned this pull request Aug 11, 2022
Merged
@miri64 miri64 added the Process: needs backport Integration Process: The PR is required to be backported to a release or feature branch label Aug 11, 2022
@miri64
Copy link
Member

miri64 commented Aug 12, 2022

@nmeum can you please provide a backport to the 2022.07 branch, e.g. by using the dist/tools/backport_pr/backport_pr.py script

@nmeum nmeum mentioned this pull request Aug 12, 2022
Merged
@maribu maribu added this to the Release 2022.10 milestone Oct 14, 2022
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@maribu maribu maribu approved these changes

@miri64 miri64 Awaiting requested review from miri64 miri64 is a code owner

@haukepetersen haukepetersen Awaiting requested review from haukepetersen

@PeterKietzmann PeterKietzmann Awaiting requested review from PeterKietzmann PeterKietzmann is a code owner

@cgundogan cgundogan Awaiting requested review from cgundogan

Assignees
No one assigned
Labels
Area: network Area: Networking Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Process: needs backport Integration Process: The PR is required to be backported to a release or feature branch Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors)
Projects
None yet
Milestone
Release 2022.10
Development

Successfully merging this pull request may close these issues.
4 participants
@nmeum @maribu @miri64 @benpicco