Conversation
Signed-off-by: chaoqin-li1123 <chaoqinli@google.com>
Signed-off-by: chaoqin-li1123 <chaoqinli@google.com>
Signed-off-by: chaoqin-li1123 <chaoqinli@google.com>
Signed-off-by: chaoqin-li1123 <chaoqinli@google.com>
|
Could you please add the link to the bug in Fixes description? |
asraa
left a comment
asraa
left a comment
There was a problem hiding this comment.
Is there an easy way to test the refresh?
|
I don't know how to reproduce dns refresh in an easier way, we do have a few related fuzz bugs(35136, 34907) caused by this issue tho. |
|
/retest |
|
Retrying Azure Pipelines: |
|
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
github-actions
bot
added
the
stale
|
/retest |
|
Retrying Azure Pipelines: |
github-actions
bot
removed
the
stale
asraa
left a comment
asraa
left a comment
There was a problem hiding this comment.
@ggreenway can you please take a final pass? (or if you have any ideas for testing/or if this makes sense to you)
ggreenway
left a comment
ggreenway
left a comment
There was a problem hiding this comment.
I think that an integration test with a dns cluster, pointed at a non-existent tcp resolver, will reproduce the issue in an ASAN build. It looks like currently the options are usually on the stack of the caller. They are used the first time in DnsResolverImpl::DnsResolverImpl while the stack-based config is still in scope, but then they can be used again if (status == ARES_ECONNREFUSED). Can you try to add an integration test that fails without your fix?
/wait
Signed-off-by: chaoqin-li1123 <chaoqinli@google.com>
we can make the dns_resolver_options in DnsImplTest a variable on stack to create a regression asan test. |
| Network::Test::getCanonicalLoopbackAddress(GetParam())); | ||
| listener_ = dispatcher_->createListener(socket_, *server_, true); | ||
| updateDnsResolverOptions(); | ||
| envoy::config::core::v3::DnsResolverOptions dns_resolver_options = dns_resolver_options_; |
There was a problem hiding this comment.
Can you add a comment here explaining what we're testing by putting this on the stack?
There was a problem hiding this comment.
makes sense.
Signed-off-by: chaoqin-li1123 <chaoqinli@google.com>
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
* main: Fix for fuzz tests failing due to invalid corpus paths (envoyproxy#17767) kafka: fix integration test (envoyproxy#17764) Fix typo in cluster.proto (envoyproxy#17755) cluster manager: add drainConnections() API (envoyproxy#17747) kafka broker filter: move to contrib (envoyproxy#17750) quiche: switch external dependency to github (envoyproxy#17732) quiche: implement stream idle timeout in codec (envoyproxy#17674) Update c-ares to 1.17.2 (envoyproxy#17704) Fix dns resolve fuzz bug (envoyproxy#17107) Remove members that shadow members of the base class (envoyproxy#17713) thrift proxy: missing parts from the previous PR (envoyproxy#17668) thrift-proxy: cleanup ConnectionManager::ActiveRpc (envoyproxy#17734) listener: extra warning for deprecated use_proxy_proto field (envoyproxy#17736) kafka: add support for metadata request in mesh-filter (envoyproxy#17597) upstream: add all host map to priority set for fast host searching (envoyproxy#17290) Remove the support for `hidden_envoy_deprecated_per_filter_config` (envoyproxy#17725) tls: SDS support for private key providers (envoyproxy#16737) bazel: update rules_foreign_cc (envoyproxy#17445) Signed-off-by: Michael Puncel <mpuncel@squareup.com>
4 participants
Commit Message: The DNS resolver takes reference to a local variable as its member dns_resolver_options_, and may access invalid data during a DNS refresh, fix by copy the parameter in ctor of DnsResolverImpl.(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35272)
Additional Description:NA
Risk Level:low
Testing:add fuzz corpus
Docs Changes:NA
Release Notes:NA
Platform Specific Features:NA
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]
[Optional API Considerations:]