Hardcoded size for serialization buffers is neither reliable nor secure
Bug #1320187 reported by Alexandros Frantzis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mir | Fix Released | Critical | Alexandros Frantzis |
mir (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
At various points in the code we are using a hardcoded size for the buffers we serialize our protobuf messages into. We are making the assumption that messages are always smaller than our hardcoded size (currently 2KiB), but that is not correct. There are at least some protobuf messages that are unbounded.
We can see this problem cause a failure when running under VMware where the display configuration is large due to an abundance of displays and supported modes, causing the client to hang because the server reply is incomplete.
Marking this as critical since the bug also has potential security implications.
Related branches
lp:~afrantzis/mir/variable-length-serialization-buffers-1320187
- Alberto Aguirre (community): Approve
- Robert Carr (community): Approve
- PS Jenkins bot (community): Approve (continuous-integration)
- Andreas Pokorny (community): Approve
- Alan Griffiths: Approve
Diff: 511 lines (+311/-37), 11 files modified
include/shared/mir/variable_length_array.h (+64/-0)
src/client/rpc/mir_basic_rpc_channel.cpp (+6/-8)
src/server/frontend/event_sender.cpp (+9/-6)
src/server/frontend/protobuf_responder.cpp (+12/-8)
src/server/frontend/protobuf_responder.h (+0/-1)
src/server/frontend/socket_messenger.cpp (+8/-12)
src/server/frontend/socket_messenger.h (+0/-2)
tests/acceptance-tests/CMakeLists.txt (+1/-0)
tests/acceptance-tests/test_large_messages.cpp (+103/-0)
tests/unit-tests/CMakeLists.txt (+1/-0)
tests/unit-tests/test_variable_length_array.cpp (+107/-0)
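The failure mode from the bug description, next to a buffer sized from the message itself, as an added illustration that is not Mir's code or the contents of the linked branch. `DisplayConfig`, `SizedBuffer`, `send_fixed` and `send_sized` are hypothetical names, and the stand-in message takes the place of a real protobuf message.

```cpp
// Added illustration, not Mir code: DisplayConfig and SizedBuffer are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <vector>

// Stand-in for an unbounded message: one 32-bit entry per supported display mode.
struct DisplayConfig {
    std::vector<std::uint32_t> modes;
    std::size_t byte_size() const { return modes.size() * sizeof(std::uint32_t); }
    // Modelled on protobuf SerializeToArray: returns false if the buffer is too small.
    bool serialize_to(unsigned char* out, std::size_t cap) const {
        if (byte_size() > cap) return false;
        if (!modes.empty()) std::memcpy(out, modes.data(), byte_size());
        return true;
    }
};

constexpr std::size_t fixed_size = 2048;  // the 2KiB assumption from the report
// Before: every message is assumed to fit the hardcoded buffer.
bool send_fixed(const DisplayConfig& msg, std::vector<unsigned char>& wire) {
    unsigned char buf[fixed_size];
    if (!msg.serialize_to(buf, sizeof buf)) return false;  // large reply never sent
    wire.assign(buf, buf + msg.byte_size());
    return true;
}

// After: storage sized from the message; stack for small sizes, heap beyond that.
template <std::size_t StackBytes>
class SizedBuffer {
public:
    explicit SizedBuffer(std::size_t n)
        : heap_(n > StackBytes ? new unsigned char[n] : nullptr), size_(n) {}
    unsigned char* data() { return heap_ ? heap_.get() : stack_; }
    std::size_t size() const { return size_; }
    bool on_heap() const { return heap_ != nullptr; }
private:
    unsigned char stack_[StackBytes];
    std::unique_ptr<unsigned char[]> heap_;
    std::size_t size_;
};

bool send_sized(const DisplayConfig& msg, std::vector<unsigned char>& wire) {
    SizedBuffer<fixed_size> buf(msg.byte_size());
    if (!msg.serialize_to(buf.data(), buf.size())) return false;
    wire.assign(buf.data(), buf.data() + buf.size());
    return true;
}
```

Checking the serializer's return value matters in both versions: a caller that ignores it and still writes a length header is what leaves the peer waiting on a reply that never completes.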
Changed in mir:
status: New → In Progress
summary:
- Hardcoded size for serialization buffers is not reliable nor secure
+ Hardcoded size for serialization buffers is neither reliable nor secure
Changed in mir:
milestone: none → 0.2.0
description: updated
tags: added: vm
tags: added: vmware removed: vm
Changed in mir:
status: Fix Committed → Fix Released
Fix committed into lp:mir/devel at revision None, scheduled for release in mir, milestone Unknown