Merge pull request #8 from bcmi-labs/fix/memory-overwrite

Fix: casts between `mbed::SocketAdrress *` and `struct sockaddr *` cause memory overwrites due to different memory size and layout
arduino-libraries · Jul 17, 2024 · 1c007bf · 1c007bf
2 parents ac8091d + a4cf7ab
commit 1c007bf
Showing 1 changed file with 55 additions and 13 deletions.
diff --git a/src/arch/posix/mbed_tcp.cpp b/src/arch/posix/mbed_tcp.cpp
@@ -1,5 +1,7 @@
 #include "mbed_tcp.h"
 
+#include "PortentaEthernet.h"
+
 int mbed_send(UA_FD fd, const void * data, size_t size, int ignored)
 {
   TCPSocket * sock = (TCPSocket *)fd;
@@ -82,22 +84,62 @@ int mbed_getnameinfo(struct sockaddr* fd, size_t sa_sz, char* name, size_t host_
     return 0;
 }
 
-int mbed_addrinfo(const char* hostname, const char* portstr, struct addrinfo* hints, struct addrinfo** info) {
+int mbed_addrinfo(const char* hostname, const char* portstr, struct addrinfo* hints, struct addrinfo** info)
+{
+  static struct sockaddr ai_addr;
+  static struct addrinfo res;
+  bool is_localhost = false;
+
+  if (hostname == NULL)
+  {
+    static const char * localhost = "localhost";
+    hostname = localhost;
+    is_localhost = true;
+  }
 
-    if (hostname == NULL) {
-        static const char* localhost = "localhost";
-        hostname = localhost;
-        static SocketAddress _hints("localhost", atoi(portstr));
-        _hints.set_ip_address("127.0.0.1");
-        hints = (struct addrinfo*)&_hints;
-    }
+  SocketAddress mbed_hints(hostname, atoi(portstr));
+  mbed_hints.set_ip_address(Ethernet.localIP().toString().c_str());
+  SocketAddress * mbed_res;
+
+  /* Bypass faulty DNS lookup on localhost. */
+  if (is_localhost)
+  {
+    ai_addr.ai = mbed_hints;
+
+    memcpy(&res, hints, sizeof(struct addrinfo));
+
+    res.ai_addr = &ai_addr;
+    res.ai_next = NULL;
+    info[0] = &res;
 
-    auto ret = NetworkInterface::get_default_instance()->getaddrinfo(hostname, (SocketAddress*)hints, (SocketAddress**)info);
-    hints->ai_addr = (struct  sockaddr*)hints;
-    hints->ai_next = NULL;
-    info[0] = (struct  addrinfo*)hints;
-    // Always return 0
     return UA_STATUSCODE_GOOD;
+  }
+
+  /* rc either holds the number of results uncovered or a negative error code. */
+  auto rc = NetworkInterface::get_default_instance()->getaddrinfo(hostname, &mbed_hints, &mbed_res);
+  if (rc < 0)
+  {
+    UA_LOG_ERROR(UA_Log_Stdout, UA_LOGCATEGORY_SERVER, "NetworkInterface::get_default_instance()->getaddrinfo(...) failed with %d", rc);
+    return UA_STATUSCODE_BAD;
+  }
+
+  int const addr_cnt = rc;
+  if (addr_cnt == 0)
+  {
+    UA_LOG_ERROR(UA_Log_Stdout, UA_LOGCATEGORY_SERVER, "NetworkInterface::get_default_instance()->getaddrinfo(...) found no addresses");
+    return UA_STATUSCODE_BAD;
+  }
+
+  /* Note: we currently support only a single address result. */
+  ai_addr.ai = mbed_res[0];
+
+  memcpy(&res, hints, sizeof(struct addrinfo));
+
+  res.ai_addr = &ai_addr;
+  res.ai_next = NULL;
+  info[0] = &res;
+
+  return UA_STATUSCODE_GOOD;
 }
 
 int mbed_listen(UA_FD fd, int ignored) {