search

CESNET / Nemea-Framework

Nemea framework is the heart of the Nemea system. It contains implementation of common communication interfaces, UniRec data format and useful datastructures and algorithms.
11 stars 24 forks source link

libtrap: multi-file read errors --> `strncpy` misuse? #137

Closed rickhg12hs closed 4 years ago

rickhg12hs commented 4 years ago

https://github.com/CESNET/Nemea-Framework/blob/a57307a0fa7ec230e48177f54b213cfa552dafd6/libtrap/src/ifc_file.c#L378

For reading multiple files from a directory by globbing, won't this miss the null termination when a shorter filename follows a longer filename? Ref: CESNET/LiST#10

From strncpy(3) man page:

Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated.

rickhg12hs commented 4 years ago

From https://github.com/CESNET/LiST/issues/10:

There seems to be a problem reading multiple files in directory. For example

[vagrant@list-vagrant sf_vboxsf]$ ll my_UniRecs/
total 40
drwxrwx---. 1 root vboxsf 4096 Dec 12 16:49 ./
drwxrwx---. 1 root vboxsf 4096 Dec 12 16:42 ../
-rwxrwx---. 1 root vboxsf 3146 Nov  2  2018 lan_basic.201711261310*
-rwxrwx---. 1 root vboxsf 1485 Nov  2  2018 lan_dns.201711261310*
-rwxrwx---. 1 root vboxsf  787 Nov  2  2018 lan_http.201711261310*
-rwxrwx---. 1 root vboxsf 8913 Nov  2  2018 wan_basic.201711261310*
-rwxrwx---. 1 root vboxsf 1861 Nov  2  2018 wan_dns.201711261310*
-rwxrwx---. 1 root vboxsf  917 Nov  2  2018 wan_http.201711261310*
[vagrant@list-vagrant sf_vboxsf]$ traffic_repeater -v -i f:my_UniRecs/*,f:/dev/null
Info: Initializing traffic repeater...
VERBOSE: --------------- STATS --------------- 
VERBOSE: ------------- INPUT IFC ------------- 
VERBOSE: IFC[0]: recv buf: 1, msg: 37.
VERBOSE: ------------- OUTPUT IFC ------------ 
VERBOSE: IFC[0]: sent buf: 0, msg: 37, drop msg: 0, flush: 0.
VERBOSE: ------------------------------------- 
ERROR: FILE IFC[0]: unable to open file "my_UniRecs/lan_dns.20171126131010" in mode "r". Possible reasons: non-existing file, bad permission, file can not be opened in this mode.
Error: trap_recv() returned 14 (INPUT FILE IFC[0]: Unable to open next file.)
Info: Flows received:                36
Info: Flows sent:                    36
Info: Timeouts:                       0
Info: Time elapsed:               0.013s
VERBOSE: Output ifc 0: Setting autoflush timeout to 18446744073709551615.
VERBOSE: Output ifc 0: Setting timeout to 100000.

It appears that part of the file globbing isn't null terminating a string somewhere.

[vagrant@list-vagrant sf_vboxsf]$ \ls -1 my_UniRecs/
lan_basic.201711261310
lan_dns.201711261310
lan_http.201711261310
wan_basic.201711261310
wan_dns.201711261310
wan_http.201711261310

See how the second filename got trashed?

Also, ...

[vagrant@list-vagrant sf_vboxsf]$ traffic_repeater -v -i f:my_UniRecs/lan_basic.201711261310,f:/dev/null
Info: Initializing traffic repeater...
Info: Final record received, terminating repeater...
Info: Flows received:                37
Info: Flows sent:                    37
Info: Timeouts:                       0
Info: Time elapsed:               0.016s
VERBOSE: Output ifc 0: Setting autoflush timeout to 18446744073709551615.
VERBOSE: Output ifc 0: Setting timeout to 100000.

Why are the flows received/sent +1 from the example above? Where did the extra flow come from?

havraji6 commented 4 years ago

I can confirm there was a misuse of a strncpy function. That should be fixed in #153.

The reason flow counts differs is because null termination record was not provided by libtrap, but was removed from statistics anyway.