Skip to content

asymcute: Compare request message type when matching acknowledgement#18434

Merged
benpicco merged 1 commit intoRIOT-OS:masterfrom
nmeum:pr/asymcute-ack-typecheck
Aug 11, 2022
Merged

asymcute: Compare request message type when matching acknowledgement#18434
benpicco merged 1 commit intoRIOT-OS:masterfrom
nmeum:pr/asymcute-ack-typecheck

Conversation

@nmeum
Copy link
Copy Markdown
Member

@nmeum nmeum commented Aug 10, 2022
edited
Loading

Contribution description

Currently, asymcute matches an MQTT-SN request to its acknowledgement using only the MsgId header. However, I strongly believe this to be insufficient as asymcute would thus also match a SUBACK to a prior PUBLISH request (for example) as long as the message ID matches. If this happens (e.g. because of a malicious MQTT-SN broker) then this can trigger various bugs in asymcute, e.g. due to incorrect casts of the req->arg void* pointer. To address this issue, this commit modifies _req_preprocess to also compare the request message type in addition to the message id.

Testing procedure

I haven't tested my fix extensively yet but existing tests should continue to work. Unfortunately, it also a bit difficult to provide a simple test setup for triggering this edge case.

Issues/PRs references

None.

@nmeum
asymcute: Compare request message type when matching acknowledgement
fb660db 
Currently, asymcute only matches an MQTT-SN request to its
acknowledgement using the MsgId header. However, I strongly believe
this to be insufficient as asymcute would thus also match a SUBACK
to a prior PUBLISH message (for example) as long as the message ID
matches. To address this issue, this commit modifies _req_preprocess
to also compare the request message type in addition to the message id.
@github-actions github-actions bot added Area: network Area: Networking Area: sys Area: System labels Aug 10, 2022
@benpicco benpicco added the Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) label Aug 10, 2022
maribu
maribu approved these changes Aug 10, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@maribu maribu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK. Code change looks good, reasoning makes sense, and I trust your testing.

@maribu maribu added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Aug 10, 2022
@nmeum
Copy link
Copy Markdown
Member Author

nmeum commented Aug 10, 2022

ACK. Code change looks good, reasoning makes sense, and I trust your testing.

FYI: I found this with SymEx-VP so I haven't done any tests with a particular MQTT-SN broker implementation (yet).

@maribu
Copy link
Copy Markdown
Member

maribu commented Aug 10, 2022

OK, I guess I should test it prior hitting the merge button just to be sure, then. :)

@miri64
Copy link
Copy Markdown
Member

miri64 commented Aug 10, 2022

❗ This may cause a semantic merge conflict with #18433, once that is merged: _get_len() gains another parameter, so only trust Murdock if it has successfully build both with either of one in master (and check if the master Murdock used includes the other PR).

@miri64 miri64 mentioned this pull request Aug 10, 2022
Merged
@benpicco benpicco merged commit a93ba1e into RIOT-OS:master Aug 11, 2022
@miri64 miri64 mentioned this pull request Aug 11, 2022
Merged
@miri64 miri64 added the Process: needs backport Integration Process: The PR is required to be backported to a release or feature branch label Aug 11, 2022
@miri64
Copy link
Copy Markdown
Member

miri64 commented Aug 12, 2022

@nmeum can you please provide a backport to the 2022.07 branch, e.g. by using the dist/tools/backport_pr/backport_pr.py script

@nmeum nmeum mentioned this pull request Aug 12, 2022
Merged
@maribu maribu added this to the Release 2022.10 milestone Oct 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maribu maribu maribu approved these changes

@miri64 miri64 Awaiting requested review from miri64 miri64 is a code owner

@haukepetersen haukepetersen Awaiting requested review from haukepetersen

@PeterKietzmann PeterKietzmann Awaiting requested review from PeterKietzmann

@cgundogan cgundogan Awaiting requested review from cgundogan

Assignees

No one assigned

Labels

Area: network Area: Networking Area: sys Area: System CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Process: needs backport Integration Process: The PR is required to be backported to a release or feature branch Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors)

Projects

None yet

Milestone

Release 2022.10

Development

Successfully merging this pull request may close these issues.

4 participants

@nmeum @maribu @miri64 @benpicco