keith-cullen / FreeCoAP

An implementation of a CoAP client, a CoAP server and a HTTP/CoAP proxy with full DTLS support.

Bug: Misaligned Address Load Detected in coap_msg.c at coap_msg_parse_op Function #35

Closed dqp10515 closed 3 months ago

dqp10515 commented 3 months ago

Reproduce Info

version: v0.7

Build Environment Update

The Makefile within the test_coap_server directory has been updated to utilize clang with sanitizers.

 I1 = ../../lib/include
 S1 = ../../lib/src
-CC_ ?= gcc
-CFLAGS = -Wall \
+CC_ ?= clang
+CFLAGS = -Wall -g -fsanitize=address,undefined -fno-omit-frame-pointer\
          -I $(I1)
 CFLAGS += $(IP6_CFLAGS)
 CFLAGS += $(DTLS_CFLAGS)
-LD_ ?= gcc
-LDFLAGS =
+LD_ ?= clang
+LDFLAGS = -fsanitize=address,undefined
 INCS = $(I1)/coap_server.h \
        $(I1)/coap_msg.h \
        $(I1)/coap_mem.h \
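Review bot: the `-g` and `-fsanitize=address,undefined` flags are hard-wired into `CFLAGS` and `LDFLAGS`, so the only way back to a plain build of the test server is to revert the file; since this Makefile already gates the toolchain behind `CC_ ?=` / `LD_ ?=` and takes `dtls=n` on the command line, put the sanitizer flags behind a switch of the same kind (for example `sanitize=y` appending `-fsanitize=address,undefined` to both `CFLAGS` and `LDFLAGS`) so the instrumented and the default build coexist. Minor: `-fno-omit-frame-pointer\` has no space before the line-continuation backslash; make still joins the lines, but match the `-Wall \` form of the line it replaces.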

Building test_coap_server

cd FreeCoAP/test/test_coap_server
make dtls=n

Run Instructions

Starting the CoAP Server

The CoAP server was started using the test_coap_server executable:

cd FreeCoAP/test/test_coap_server
./test_coap_server

Sending a Packet

The packet was sent to the server using the following command:

echo -n "4001a9a889e6e689e689e689e689e689e60ad0f4b7726567756c6172" | xxd -r -p | nc -u 0.0.0.0 12436

The packet's structure is as follows:

The hex representation of the datagram sent to the server is as follows:

4001a9a889e6e689e689e689e689e689e60ad0f4b7726567756c6172

Description

UndefinedBehaviorSanitizer has detected an issue where a misaligned address is loaded for a uint16_t type, which requires 2-byte alignment. This issue occurs within the coap_msg_parse_op function.

Crash report

Here is the UBSan report:

FreeCoAP/test/test_coap_server/lib/src/coap_msg.c:579:32: runtime error: load of misaligned address for type 'uint16_t' (aka 'unsigned short'), which requires 2 byte alignment
 89 e6 89 e6 89 e6 0a d0 f4 b7 72 65 67 75 6c 61 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
             ^ 
[Backtrace]
    #0 0x4efde9 in coap_msg_parse_op FreeCoAP/lib/src/coap_msg.c:579:32
    #1 0x4e9eb5 in coap_msg_parse_ops FreeCoAP/lib/src/coap_msg.c:647:15
    #2 0x4e8934 in coap_msg_parse FreeCoAP/lib/src/coap_msg.c:744:11
    #3 0x4e0031 in coap_server_trans_recv FreeCoAP/lib/src/coap_server.c:1089:11
    #4 0x4d9ac5 in coap_server_exchange FreeCoAP/lib/src/coap_server.c:2285:11
    #5 0x4d7c1f in coap_server_run FreeCoAP/lib/src/coap_server.c:2559:15
    #6 0x4c8b95 in main FreeCoAP/test/test_coap_server/test_coap_server.c:747:11
    #7 0x7f9ff32430b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x41c36d in _start (FreeCoAP/test/test_coap_server/test_coap_server+0x41c36d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior FreeCoAP/test/test_coap_server/lib/src/coap_msg.c:579:32 in
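The datagram in the report is a mutated `GET /regular` (the tail `b7 72 65 67 75 6c 61 72` is the Uri-Path option carrying "regular"); the injected bytes `e6 0a d0` form an option header whose 2-byte extended delta starts at odd offset 15 of the message, which is where a 16-bit load through a pointer cast becomes a misaligned access. The block below is an added example written for this page, not code from FreeCoAP or from the reporter: a bounds-checked CoAP option parser that assembles the extended delta/length fields byte by byte instead of casting to `uint16_t`, run against the datagram above and against a constructed well-formed `GET /regular`. The names `be16_read`, `coap_decode_nibble`, `coap_parse_options` and `coap_opt_t` are mine, and the assumption that the flagged load at `coap_msg.c:579` is a pointer-cast read of that extended field is exactly that, an assumption; the project's source is not on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Option header nibble encodings from RFC 7252 section 3.1. */
#define COAP_EXT1 13            /* one extra byte follows, value = byte + 13  */
#define COAP_EXT2 14            /* two extra bytes follow, value = be16 + 269 */
#define COAP_PAYLOAD_MARKER 0xFF

typedef struct {
    uint32_t number;    /* absolute option number (deltas accumulated) */
    uint32_t len;       /* option value length */
    const uint8_t *val; /* points into the datagram */
} coap_opt_t;

/* Portable big-endian 16-bit read: two byte loads, valid at any address and
 * on any endianness. This replaces a *(const uint16_t *)p cast on a byte
 * stream, which is the kind of read a "load of misaligned address for type
 * 'uint16_t'" report points at (assumed shape of the flagged line). */
static uint32_t be16_read(const uint8_t *p)
{
    return ((uint32_t)p[0] << 8) | p[1];
}

/* Decode one delta or length nibble plus its extension bytes.
 * Returns the number of extension bytes consumed, or -1 if the extension is
 * truncated or the nibble is the reserved value 15. */
static int coap_decode_nibble(uint8_t nibble, const uint8_t *p, size_t avail,
                              uint32_t *out)
{
    if (nibble < COAP_EXT1) {
        *out = nibble;
        return 0;
    }
    if (nibble == COAP_EXT1) {
        if (avail < 1) return -1;
        *out = (uint32_t)p[0] + 13;
        return 1;
    }
    if (nibble == COAP_EXT2) {
        if (avail < 2) return -1;
        *out = be16_read(p) + 269;
        return 2;
    }
    return -1; /* 15 is reserved; 0xFF as a whole byte is the payload marker */
}

/* Parse the option list of a CoAP message. Returns 0 on success, -1 if the
 * message is malformed; *n_out is the number of options decoded before the
 * parse stopped, so partial results can be inspected. Every read is checked
 * against len before it happens. */
static int coap_parse_options(const uint8_t *buf, size_t len,
                              coap_opt_t *opts, size_t max_opts, size_t *n_out)
{
    size_t n = 0, pos, tkl;
    uint32_t number = 0;

    *n_out = 0;
    if (len < 4) return -1;
    tkl = buf[0] & 0x0F;                  /* token length, 0..8 */
    if (tkl > 8 || 4 + tkl > len) return -1;
    pos = 4 + tkl;
    while (pos < len) {
        uint8_t hdr = buf[pos];
        uint32_t delta, olen;
        int used;

        if (hdr == COAP_PAYLOAD_MARKER)
            return (pos + 1 < len) ? 0 : -1; /* marker must precede payload */
        pos++;
        used = coap_decode_nibble(hdr >> 4, buf + pos, len - pos, &delta);
        if (used < 0) return -1;
        pos += (size_t)used;
        used = coap_decode_nibble(hdr & 0x0F, buf + pos, len - pos, &olen);
        if (used < 0) return -1;
        pos += (size_t)used;
        if (olen > len - pos) return -1;  /* value runs past the datagram */
        number += delta;
        if (number > 0xFFFF || n == max_opts) return -1;
        opts[n].number = number;
        opts[n].len = olen;
        opts[n].val = buf + pos;
        *n_out = ++n;
        pos += olen;
    }
    return 0;
}

/* The 26-byte datagram from the issue. Option 2's extended delta (0a d0) sits
 * at odd offset 15; option 3's header 0x6c claims 12 value bytes with 2 left. */
static const uint8_t issue_dgram[] = {
    0x40, 0x01, 0xa9, 0xa8,
    0x89, 0xe6, 0xe6, 0x89, 0xe6, 0x89, 0xe6, 0x89, 0xe6, 0x89,
    0xe6, 0x0a, 0xd0, 0xf4, 0xb7, 0x72, 0x65, 0x67, 0x75,
    0x6c, 0x61, 0x72
};

/* Constructed well-formed message: CON GET, no token, Uri-Path "regular". */
static const uint8_t good_dgram[] = {
    0x40, 0x01, 0xa9, 0xa8, 0xb7, 'r', 'e', 'g', 'u', 'l', 'a', 'r'
};

int main(void)
{
    coap_opt_t opts[8];
    size_t n, i;
    int rc = coap_parse_options(issue_dgram, sizeof issue_dgram, opts, 8, &n);
    printf("issue datagram: rc=%d, %zu option(s) decoded before stop\n", rc, n);
    for (i = 0; i < n; i++)
        printf("  option %u, %u value byte(s)\n",
               (unsigned)opts[i].number, (unsigned)opts[i].len);
    rc = coap_parse_options(good_dgram, sizeof good_dgram, opts, 8, &n);
    printf("constructed GET /regular: rc=%d, option %u, %u value byte(s)\n",
           rc, (unsigned)opts[0].number, (unsigned)opts[0].len);
    return 0;
}
```

On the report's datagram the parser decodes option 8 (9 bytes) and option 3045 (the odd-offset extended delta 0x0ad0 + 269 added to 8, 6 bytes) and then rejects the message because the third header asks for more value bytes than remain; the byte-wise read gives the same result whether the buffer is aligned or not, which is what the `uint16_t` cast could not guarantee.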

keith-cullen commented 3 months ago

Fixed