
upstream: fix oss-fuzz issue #11095. #6220

Merged
htuch merged 5 commits into envoyproxy:master from ipuustin:oss-fuzz-11095
Mar 12, 2019

@ipuustin ipuustin commented Mar 8, 2019

Description:

Fix a crash found by oss-fuzz (see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11095). The bug is caused by trying to request IP information from a unix domain socket address.

Risk Level: low
Testing: local fuzzing and a regression test for HostDescriptionImpl constructor

ipuustin added 3 commits March 8, 2019 19:10
Do not attempt to read IP address information from a unix domain socket
address.

Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>

@mattklein123 mattklein123 left a comment

Instead of silently dropping the port, should this actually be a config error and throw an exception? It seems like busted config to me? WDYT?

@mattklein123 mattklein123 self-assigned this Mar 10, 2019
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
@ipuustin

Makes sense. I added a patch which does that.

@htuch htuch self-requested a review March 11, 2019 15:32
@htuch htuch self-assigned this Mar 11, 2019
// Setting the health check port to non-0 only works for IP-type addresses. Setting the port
// for a pipe address is a misconfiguration. Throw an exception.
throw EnvoyException(
fmt::format("Invalid host configuration: non-null port for non-IP address"));
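
Review bot: in the `throw EnvoyException(...)` statement, `fmt::format` is called on a string literal with no format arguments, so the call adds nothing. Either pass the literal straight to `EnvoyException`, or give `fmt::format` something to format, such as the offending address and the configured port, so that whoever reads the error can locate the bad host entry. The comment above says it is the health check port that is being rejected; naming that in the message would also help.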

Nit: s/non-null/non-zero/

htuch commented Mar 11, 2019

@htuch htuch added the waiting label Mar 12, 2019
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
@ipuustin

/retest

@repokitteh-read-only

🔨 rebuilding ci/circleci: release (failed build)

🐱

Caused by: a #6220 (comment) was created by @ipuustin.

see: more, trace.

@htuch htuch left a comment

Thanks. @ipuustin are you interested in more of these? I can open up some embargoed low criticality fuzzer bugs if so.

@htuch htuch merged commit 5982d11 into envoyproxy:master Mar 12, 2019
@ipuustin

@htuch Sure, I can help with them. There's also still a bunch of already open ones in the fuzzer backlog.
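
A reduced model of the bug class this pull request fixes, added here as an illustration and not taken from Envoy's source: `Address`, `IpInfo` and `healthCheckTarget` are hypothetical names, and the null pointer returned by `ip()` for a unix domain socket address is an assumption of the model. It shows the unchecked IP access replaced by the config-error rejection agreed on in the review.

```cpp
// Added example, not Envoy source. All type and function names are hypothetical.
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>

// IP-specific view of an address. Pipe (unix domain socket) addresses have none.
struct IpInfo {
  std::string host;
  uint32_t port;
};

class Address {
public:
  static Address makeIp(std::string host, uint32_t port) {
    Address a;
    a.ip_ = std::make_unique<IpInfo>(IpInfo{std::move(host), port});
    return a;
  }
  static Address makePipe(std::string path) {
    Address a;
    a.path_ = std::move(path);
    return a;
  }
  // Model assumption: nullptr for pipe addresses, so callers must check first.
  const IpInfo* ip() const { return ip_.get(); }
  const std::string& path() const { return path_; }

private:
  std::unique_ptr<IpInfo> ip_;
  std::string path_;
};

// Returns the address health checks should use. Port 0 means "no override".
std::string healthCheckTarget(const Address& dest, uint32_t health_check_port) {
  if (health_check_port == 0) {
    return dest.ip() ? dest.ip()->host + ":" + std::to_string(dest.ip()->port)
                     : dest.path();
  }
  // Unchecked form that crashes on a pipe address:
  //   return dest.ip()->host + ":" + std::to_string(health_check_port);
  // A port override on a pipe address is a misconfiguration, so reject it.
  if (dest.ip() == nullptr) {
    throw std::invalid_argument("non-zero health check port for non-IP address");
  }
  return dest.ip()->host + ":" + std::to_string(health_check_port);
}
```

Throwing at configuration time turns a fuzzer-reachable crash into a rejected config, which is the behaviour the reviewers asked for instead of silently dropping the port.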

spenceral added a commit to spenceral/envoy that referenced this pull request Mar 20, 2019
* master: (59 commits)
  http fault: add response rate limit injection (envoyproxy#6267)
  xds: introduce initial_fetch_timeout option to limit initialization time (envoyproxy#6048)
  test: fix cpuset-threads tests (envoyproxy#6278)
  server: add an API for registering for notifications for server instance life… (envoyproxy#6254)
  remove remains of TestBase (envoyproxy#6286)
  dubbo_proxy: Implement the routing of Dubbo requests (envoyproxy#5973)
  Revert "stats: add new BoolIndicator stat type (envoyproxy#5813)" (envoyproxy#6280)
  runtime: codifying runtime guarded features (envoyproxy#6134)
  mysql_filter: fix integration test flakes (envoyproxy#6272)
  tls: update BoringSSL to debed9a4 (3683). (envoyproxy#6273)
  rewrite buffer implementation to eliminate evbuffer dependency (envoyproxy#5441)
  Remove the dependency from TimeSystem to libevent by using the Event::Scheduler abstraction as a delegate. (envoyproxy#6240)
  fuzz: fix use of literal in default initialization. (envoyproxy#6268)
  http: add HCM functionality required for rate limiting (envoyproxy#6242)
  Disable mysql_integration_test until it is deflaked. (envoyproxy#6250)
  test: use ipv6_only IPv6 addresses in custom cluster integration tests. (envoyproxy#6260)
  tracing: If parent span is propagated with empty string, it causes th… (envoyproxy#6263)
  upstream: fix oss-fuzz issue envoyproxy#11095. (envoyproxy#6220)
  Wire up panic mode subset to receive updates (envoyproxy#6221)
  docs: clarify xds docs with warming information (envoyproxy#6236)
  ...