[SERVER-22944] The uasserts in rpc::makeRequest/Reply pass invalid NetworkOp's to str::stream()

Created: 03/Mar/16
Updated: 16/Mar/16
Resolved: 03/Mar/16

Status: Closed
Project: Core Server
Component/s: Networking
Affects Version/s: 3.3.2
Fix Version/s: 3.3.3

Type: Bug
Priority: Major - P3
Reporter: Mira Carey
Assignee: Mira Carey
Resolution: Done
Votes: 1
Labels: undefined-sanitizer
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

Run any NIA test under UBSAN

Sprint: Platforms 11 (03/11/16)
Participants:

 Description   

The MalformedMessageTest passes invalid NetworkOp values to str::stream()'s operator<<

src/mongo/util/mongoutils/str.h:61:15: runtime error: load of value 2222, which is not a valid value for type 'const mongo::NetworkOp'
    #0 0xa4689c in mongoutils::str::stream& mongoutils::str::stream::operator<< <mongo::NetworkOp>(mongo::NetworkOp const&) /home/jcarey/StorageGit/mongo/mongo/src/mongo/util/mongoutils/
    #1 0xa45911 in mongo::rpc::makeReply(mongo::Message const*) /home/jcarey/StorageGit/mongo/mongo/src/mongo/rpc/factory.cpp:75:37
    #2 0x9f7f8f in mongo::executor::(anonymous namespace)::decodeRPC(mongo::Message*, mongo::rpc::Protocol, std::chrono::duration<long, std::ratio<1l, 1000l> >, mongo::HostAndPort const&
    #3 0x9f7f8f in mongo::executor::NetworkInterfaceASIO::AsyncCommand::response(mongo::rpc::Protocol, mongo::Date_t, mongo::rpc::EgressMetadataHook*) /home/jcarey/StorageGit/mongo/mongo
    #4 0x9fbfb0 in mongo::executor::NetworkInterfaceASIO::_completedOpCallback(mongo::executor::NetworkInterfaceASIO::AsyncOp*) /home/jcarey/StorageGit/mongo/mongo/src/mongo/executor/net
    #5 0x9fd63b in mongo::executor::NetworkInterfaceASIO::_beginCommunication(mongo::executor::NetworkInterfaceASIO::AsyncOp*)::$_3::operator()(std::error_code, unsigned long) const::{la
    #6 0x9fd63b in void mongo::executor::NetworkInterfaceASIO::_validateAndRun<mongo::executor::NetworkInterfaceASIO::_beginCommunication(mongo::executor::NetworkInterfaceASIO::AsyncOp*)
    #7 0x9fd63b in mongo::executor::NetworkInterfaceASIO::_beginCommunication(mongo::executor::NetworkInterfaceASIO::AsyncOp*)::$_3::operator()(std::error_code, unsigned long) const /hom
    #8 0x9fd63b in std::_Function_handler<void (std::error_code, unsigned long), mongo::executor::NetworkInterfaceASIO::_beginCommunication(mongo::executor::NetworkInterfaceASIO::AsyncOp
    #9 0x756a23 in std::function<void (std::error_code, unsigned long)>::operator()(std::error_code, unsigned long) const /usr/bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.3.0/../../../..
    #10 0x756a23 in std::function<void (std::error_code, unsigned long)>::operator()(std::error_code, unsigned long) const /usr/bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.3.0/../../../.
    #11 0x744c6e in void mongo::executor::(anonymous namespace)::checkCanceled<std::function<void (std::error_code, unsigned long)> >(asio::io_service::strand*, mongo::executor::AsyncMoc
    #12 0x744c6e in void asio::asio_handler_invoke<void mongo::executor::(anonymous namespace)::checkCanceled<std::function<void (std::error_code, unsigned long)> >(asio::io_service::str
    #13 0x744c6e in void asio_handler_invoke_helpers::invoke<void mongo::executor::(anonymous namespace)::checkCanceled<std::function<void (std::error_code, unsigned long)> >(asio::io_se
    #14 0x744c6e in void asio::detail::handler_work<void mongo::executor::(anonymous namespace)::checkCanceled<std::function<void (std::error_code, unsigned long)> >(asio::io_service::st
    #15 0x744c6e in asio::detail::completion_handler<void mongo::executor::(anonymous namespace)::checkCanceled<std::function<void (std::error_code, unsigned long)> >(asio::io_service::s
    #16 0xb4b891 in asio::detail::scheduler_operation::complete(void*, std::error_code const&, unsigned long) /home/jcarey/StorageGit/mongo/mongo/src/third_party/asio-asio-1-11-0/asio/in
    #17 0xb4b891 in asio::detail::strand_service::do_complete(void*, asio::detail::scheduler_operation*, std::error_code const&, unsigned long) /home/jcarey/StorageGit/mongo/mongo/src/th
    #18 0xb441f6 in asio::detail::scheduler_operation::complete(void*, std::error_code const&, unsigned long) /home/jcarey/StorageGit/mongo/mongo/src/third_party/asio-asio-1-11-0/asio/in
    #19 0xb441f6 in asio::detail::scheduler::do_run_one(asio::detail::scoped_lock<asio::detail::posix_mutex>&, asio::detail::scheduler_thread_info&, std::error_code const&) /home/jcarey/
    #20 0xb3b654 in asio::detail::scheduler::run(std::error_code&) /home/jcarey/StorageGit/mongo/mongo/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/impl/scheduler.ipp:146:10
    #21 0xb3b53a in asio::io_service::run() /home/jcarey/StorageGit/mongo/mongo/src/third_party/asio-asio-1-11-0/asio/include/asio/impl/io_service.ipp:60:19
    #22 0x9d9ed9 in mongo::executor::NetworkInterfaceASIO::startup()::$_0::operator()() const /home/jcarey/StorageGit/mongo/mongo/src/mongo/executor/network_interface_asio.cpp:149:17
    #23 0x9d9ed9 in void std::_Bind_simple<mongo::executor::NetworkInterfaceASIO::startup()::$_0 ()>::_M_invoke<>(std::_Index_tuple<>) /usr/bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.3.
    #24 0x9d9ed9 in std::_Bind_simple<mongo::executor::NetworkInterfaceASIO::startup()::$_0 ()>::operator()() /usr/bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.3.0/../../../../include/c++
    #25 0x9d9ed9 in std::thread::_Impl<std::_Bind_simple<mongo::executor::NetworkInterfaceASIO::startup()::$_0 ()> >::_M_run() /usr/bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.3.0/../../
    #26 0x7f51b2893c3f in execute_native_thread_routine /build/gcc-multilib/src/gcc-5-20160209/libstdc++-v3/src/c++11/thread.cc:84
    #27 0x7f51b25c5423 in start_thread (/usr/lib/libpthread.so.0+0x7423)
    #28 0x7f51b20eecbc in __clone (/usr/lib/libc.so.6+0xe7cbc)



 Comments   
Comment by Githook User [ 03/Mar/16 ]

Author: Jason Carey (hanumantmk) <jcarey@argv.me>

Message: SERVER-22944 Fix UB in rpc::makeRequest/Reply

We need to provide an underlying type to NetworkOp to avoid UB when
loading possibly bad bytes into it.
Branch: master
https://github.com/mongodb/mongo/commit/8f451aa7e402b815f77db259611291744184e65c
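
The fix named in the commit message above, shown as an added example that is not MongoDB's code: an enum with a fixed underlying type can hold any untrusted opcode, and the value is validated before use. `WireOp`, `makeHeader`, `readOp`, `isKnownOp` and `checkOp` are hypothetical names; the three opcodes and the 16-byte header layout are a simplified stand-in for the real message header.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>

// Without a fixed underlying type, e.g.
//   enum LegacyOp { opReply = 1, dbInsert = 2002, dbQuery = 2004 };
// the enum's valid values are only those that fit the smallest bit-field
// holding every enumerator (0..2047 here), so loading 2222 is undefined.
// With a fixed underlying type, every int32_t value is a valid WireOp.
enum WireOp : std::int32_t { opReply = 1, dbInsert = 2002, dbQuery = 2004 };

using Header = std::array<unsigned char, 16>;
constexpr std::size_t kOpCodeOffset = 12;  // after length, requestID, responseTo

// Constructed sample input: a header whose opCode field holds `op`.
Header makeHeader(std::uint32_t op) {
    Header h{};
    for (int i = 0; i < 4; ++i)
        h[kOpCodeOffset + i] = static_cast<unsigned char>((op >> (8 * i)) & 0xff);
    return h;
}

// Decode the little-endian opCode from untrusted bytes.
WireOp readOp(const Header& h) {
    std::uint32_t raw = 0;
    for (int i = 0; i < 4; ++i)
        raw |= std::uint32_t(h[kOpCodeOffset + i]) << (8 * i);
    return static_cast<WireOp>(static_cast<std::int32_t>(raw));
}

// True only for opcodes this parser knows how to handle.
bool isKnownOp(WireOp op) {
    switch (op) {
        case opReply: case dbInsert: case dbQuery: return true;
    }
    return false;
}

// Reject unknown opcodes, reporting the raw integer in the error text.
std::string checkOp(WireOp op) {
    if (isKnownOp(op)) return "ok";
    std::ostringstream os;
    os << "unexpected opcode: " << static_cast<std::int32_t>(op);
    return os.str();
}

int main() {
    std::cout << checkOp(readOp(makeHeader(2004))) << "\n";
    std::cout << checkOp(readOp(makeHeader(2222))) << "\n";
}
```

Building with `-fsanitize=undefined` and switching `WireOp` to the `LegacyOp` form is a quick way to confirm the sanitizer reports the invalid enum load.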
