tls_codec: Read/write all available data in quic_vec #1159
Conversation
franziskuskiefer
changed the title
|
Sorry, I don't quite understand what the problem with fuzzing is here. Can you clarify? |
Sure (sorry for the slow response). #[derive(Deserialize, TlsSize)]
struct MyStruct {
m: u8,
o: Vec<u8>,
}
fuzz_target!(|data: &[u8]| {
let _ = MyStruct::tls_deserialize(&mut &data[..]);
}); |
|
Closing this. Let me know if you want to reopen the discussion @pcapriotti. |
|
Hello @franziskuskiefer Could you share your concerns on this so we could address them and have this merged? |
|
Right now there's no fuzzing in the crate here. We should add a simple target (like that snippet). And run a couple iterations on CI. |
|
I propose to reopen and merge this PR. The patch proposed by @pcapriotti fixes the issue created by the use of read() in tls_codec/src/quic_vec.rs which may stop reading from the reader before filling the entire buffer. This behaviour is documented and it depends on the environment (OS, etc). So, it cannot be captured in a unit test to the best of my knowledge. Quoting the relevant paragraph of the current documentation:
When read() stops before filling up the buffer to the end, it needs to be called again in a loop until the buffer is filled. This could be done manually, but it already is implemented in read_exact() which was also proposed by @pcapriotti. As to fuzzing, I think that should be a side show, considering that the issue at hand already bleeds into production systems. Important, but not first priority, imho. Thanks! 🙏 |
|
Nothing keeps you from reopening the PR. |
|
I probably can rebase the code, but I don't think I can reopen the PR. 🤔 |
`Read::read` is not guaranteed to fill the whole buffer, and similarly, `Write::write` is not guaranteed to write everything. This commit replaces them with `read_exact` and `write_all` respectively, and removes the corresponding assertions.
|
Merging should be possible without rebasing, since there are no conflicts with more recent commits. If still relevant, I'm probably obtaining the permissions to push to Paolo's branch in the course of the day. |
stefanwire
force-pushed
the
pcapriotti/fix-quic-vec-rw
branch
from
5065a28
to
e1cfcf8
Compare
|
The PR is now rebased onto the current upstream master branch. @franziskuskiefer |
Thanks, can you add the fuzzing target? Also, I had a quick look again at this and don't see any fix in this. The checks are manual for easier handling of fuzzing targets. The main difference is that with the change you can read from streams that don't give you all available data right away. |
franziskuskiefer
changed the title
So, what the library currently done is (1) attempt to read and (2) fail if not enough bytes are read, even if more bytes could be read. What should be done instead is repeatedly read until all bytes are read. To be clear, this is a bug which has the potential to universally break protocols and it cannot be fixed from the outside of this library. The bug is fixed by this PR.
I'm not feeling comfortable enough in Rust yet to add new test features. There's no fuzzing target so for, is there? Also, bug fixes should go first, imho. Thanks! |
Read::readis not guaranteed to fill the whole buffer, and similarly,Write::writeis not guaranteed to write everything. This commit replaces them withread_exactandwrite_allrespectively, and removes the corresponding assertions.