openv / vcontrold

vcontrold Daemon for control and logging of Viessmann® type heating devices
https://github.com/openv/openv/wiki
GNU General Public License v3.0

binary issues with alpine linux - musl libc #67

Closed HolgerHees closed 3 months ago

HolgerHees commented 4 years ago

Hello,

I am hoping for someone with more experience in C programming.

Currently vcontrold is running fine on my host system. If I compile it in an Alpine Linux based container, it compiles fine too. But the final binary has some string length calculation issues in parser.c

in the function

compilePtr buildByteCode(commandPtr cPtr, unitPtr uPtr)

at the end, during the while loop's end condition check

        sendPtr += strlen(cmd) + 1;
    } while (*sendPtr);

we produce some kind of pointer overflow to leave the while loop. This works fine on a normal SUSE or Fedora, but not on a musl/Alpine based Linux.

To demonstrate what I mean, I added some additional log entries.

        logIT(LOG_INFO, "        sendPtr: %s, strlen(sendPtr): %d, strlen(cmd): %d", sendPtr, strlen(sendPtr), strlen(cmd));
        sendPtr += strlen(cmd) + 1;
        logIT(LOG_INFO, "        => sendPtr: %s, strlen(sendPtr): %d", sendPtr, strlen(sendPtr));
    } while (*sendPtr);

on my host system I get log messages like

[12557] Tue May 26 18:04:54 2020 : BuildByteCode: SEND 00 01 0A 82 01;RECV 1 RT
[12557] Tue May 26 18:04:54 2020 :         Token: 3 Hexlen: 5, Unit: 
[12557] Tue May 26 18:04:54 2020 :         sendPtr: SEND 00 01 0A 82 01;RECV 1 RT, strlen(sendPtr): 29, strlen(cmd): 19
[12557] Tue May 26 18:04:54 2020 :         => sendPtr: RECV 1 RT, strlen(sendPtr): 9
[12557] Tue May 26 18:04:54 2020 :         Token: 2 Hexlen: 1, Unit: RT
[12557] Tue May 26 18:04:54 2020 :         sendPtr: RECV 1 RT, strlen(sendPtr): 9, strlen(cmd): 9
[12557] Tue May 26 18:04:54 2020 :         => sendPtr: , strlen(sendPtr): 0

but in my container I get

[487] Tue May 26 15:58:58 2020 : BuildByteCode: SEND 00 01 0A 82 01;RECV 1 RT
[487] Tue May 26 15:58:58 2020 :         Token: 3 Hexlen: 5, Unit: 
[487] Tue May 26 15:58:58 2020 :         sendPtr: SEND 00 01 0A 82 01;RECV 1 RT, strlen(sendPtr): 29, strlen(cmd): 19
[487] Tue May 26 15:58:58 2020 :         => sendPtr: RECV 1 RT, strlen(sendPtr): 9
[487] Tue May 26 15:58:58 2020 :         Token: 2 Hexlen: 1, Unit: RT
[487] Tue May 26 15:58:58 2020 :         sendPtr: RECV 1 RT, strlen(sendPtr): 9, strlen(cmd): 9
[487] Tue May 26 15:58:58 2020 :         => sendPtr: 82 01;RECV 1 RT, strlen(sendPtr): 15
[487] Tue May 26 15:58:58 2020 :         Token: 0 Hexlen: 0, Unit: 
[487] Tue May 26 15:58:58 2020 :         sendPtr: 82 01;RECV 1 RT, strlen(sendPtr): 15, strlen(cmd): 5
[487] Tue May 26 15:58:58 2020 :         => sendPtr: RECV 1 RT, strlen(sendPtr): 9
[487] Tue May 26 15:58:58 2020 :         Token: 2 Hexlen: 1, Unit: RT
[487] Tue May 26 15:58:58 2020 :         sendPtr: RECV 1 RT, strlen(sendPtr): 9, strlen(cmd): 9
[487] Tue May 26 15:58:58 2020 :         => sendPtr: , strlen(sendPtr): 0

later the process is crashing with

[487] Tue May 26 15:58:58 2020 : BuildByteCode: SEND 00 01 A3 8F 01;RECV 1 PR
[487] Tue May 26 15:58:58 2020 :         Token: 3 Hexlen: 5, Unit: 
[487] Tue May 26 15:58:58 2020 :         sendPtr: SEND 00 01 A3 8F 01;RECV 1 PR, strlen(sendPtr): 29, strlen(cmd): 19
[487] Tue May 26 15:58:58 2020 :         => sendPtr: RECV 1 PR, strlen(sendPtr): 9
[487] Tue May 26 15:58:58 2020 :         Token: 2 Hexlen: 1, Unit: PR
[487] Tue May 26 15:58:58 2020 :         sendPtr: RECV 1 PR, strlen(sendPtr): 9, strlen(cmd): 9
[487] Tue May 26 15:58:58 2020 :         => sendPtr: hexlen;RECV $len $A, strlen(sendPtr): 19
[487] Tue May 26 15:58:58 2020 :         Token: 0 Hexlen: 0, Unit: 
[487] Tue May 26 15:58:58 2020 :         sendPtr: hexlen;RECV $len $A, strlen(sendPtr): 19, strlen(cmd): 6
[487] Tue May 26 15:58:58 2020 :         => sendPtr: RECV $len $A, strlen(sendPtr): 12
[487] Tue May 26 15:58:58 2020 :         Token: 2 Hexlen: 0, Unit: $A
[487] Tue May 26 15:58:58 2020 : Unit $A not defined

I have the feeling that musl libc is not as strict about memory boundaries as glibc.

Does anyone have an explanation for that? If I combine the while condition with a length check, it works on Alpine too.
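The loop condition discussed in the post above, as an added example that is not part of the original issue or of vcontrold's code: after the last token, `sendPtr += strlen(cmd) + 1` lands one byte past the string's terminating NUL, so `while (*sendPtr)` tests memory that does not belong to the string. The names `sample`, `walk_unbounded` and `walk_bounded`, and the use of `strcspn` to get the token length, are assumptions; the bytes after the first NUL in `sample` are constructed to mirror the container log.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the command string from the log, then bytes standing in
 * for stale heap content that happens to follow its terminating NUL. */
static const char sample[] =
    "SEND 00 01 0A 82 01;RECV 1 RT\0" "82 01;RECV 1 RT\0";

/* Loop shape from the issue: step over token + 1, then test the byte landed
 * on. After the last token that byte lies one past the string's NUL. */
size_t walk_unbounded(const char *s)
{
    const char *p = s;
    size_t tokens = 0;
    do {
        size_t len = strcspn(p, ";"); /* assumed stand-in for strlen(cmd) */
        tokens++;
        p += len + 1;
    } while (*p);
    return tokens;
}

/* Same walk, but bounded by the end of the string computed up front. */
size_t walk_bounded(const char *s)
{
    const char *p = s;
    const char *end = s + strlen(s); /* address of the terminating NUL */
    size_t tokens = 0;
    while (p < end) {
        size_t len = strcspn(p, ";");
        tokens++;
        p += len;
        if (p < end)
            p++; /* skip ';' only when one is actually there */
    }
    return tokens;
}

int main(void)
{
    printf("unbounded: %zu tokens\n", walk_unbounded(sample));
    printf("bounded:   %zu tokens\n", walk_bounded(sample));
    return 0;
}
```

On the constructed buffer the unbounded walk visits four tokens, the same sequence as the container log, while the bounded walk stops after the two real ones regardless of what follows the terminator.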

HolgerHees commented 4 years ago

another difference is that my host is using gcc 7.5.0

and the alpine container is using gcc 9.2.0

HolgerHees commented 4 years ago

with latest debian buster image it works too.

bertouttier commented 4 years ago

+1 I am seeing this issue as well in Alpine Linux.

HolgerHees commented 3 months ago

is working in my alpine 3.19 based container which is using musl libc.

so it seems to be fixed in the meantime.