Multiple unsoundness problems in aya-ebpf/programs #1112
Comments
same problem for
|
and maybe same problem for
|
If we need to fix it, maybe we should add a check for a null pointer in |
I think the proper fix would be to use |
A pull request is very welcome! 🙂 Your build error looks weird, but hard to debug for me, since it's your own project where you're using Aya as an external crate. Would you mind sharing the code, or at least That said, I think our integration tests should be good enough for you to make and test the change just using the main Aya repo. |
Of course, here is my main.rs:
and Cargo.toml:
result:
|
You're using a wrong crate. I would recommend to read through our docs (https://aya-rs.dev/) and make it to the Classifiers section, where the |
Ok, I will take a look at that. And another case
|
and aya/ebpf/aya-ebpf/src/programs/sk_buff.rs Line 263 in 1dfcfbc
I'm not sure if I've found all of these bugs, but it seems to be a common problem in this library. Maybe my program is underreporting. But that's probably all the cases I could find. |
Yeah, if you find any other structs wrapping a raw pointer, it totally makes sense to ensure it's |
Considering this is an unsoundness problem and this crate is published on crates.io, I suggest maybe we should report it to RustSec? |
I doubt it. This crate (aya-ebpf) can only be compiled with nightly compiler targeting bpfeb-unknown-none and bpfel-unknown-none, which are Tier 3 platforms. |
Hello, thank you for your contribution to this project. I am scanning for unsoundness problems in Rust projects.
I notice the following code:
Considering that `programs` is a pub mod and `skb` is a pub field, I assume that users can directly manipulate this field, and that `len` is a public function. This potential situation could result in `self.skb` being a null pointer, and directly dereferencing it might trigger undefined behavior (UB). For safety reasons, I felt it necessary to report this issue. If you have performed checks elsewhere that ensure this is safe, please don’t take offense at my raising this issue.

Sorry, I can't provide a PoC, because trying to import SkBuff in my environment will get an error:
If this can be solved, I am happy to provide a PoC.
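
The pattern reported above, reduced to a stand-alone sketch that is an added example and not code from Aya or from anyone in this thread: a wrapper with a public raw-pointer field and a safe method that dereferences it, next to one possible hardened form. `RawBuf`, `UnsoundCtx` and `CheckedCtx` are hypothetical names, and the private field plus `NonNull` constructor is an assumption about how such a wrapper could be hardened, not the fix the maintainers chose.

```rust
use core::ptr::NonNull;

// Hypothetical stand-in for a kernel-provided context struct (not Aya's type).
#[repr(C)]
pub struct RawBuf {
    pub len: u32,
}

// Unsound pattern: public raw-pointer field plus a safe method that dereferences it.
pub struct UnsoundCtx {
    pub buf: *mut RawBuf,
}

#[allow(dead_code)]
impl UnsoundCtx {
    // Safe signature, but UB if safe code built the struct with a null or dangling `buf`.
    pub fn len(&self) -> u32 {
        unsafe { (*self.buf).len }
    }
}

// Hardened form: the field is private, so a pointer can only enter through `new`.
pub struct CheckedCtx {
    buf: NonNull<RawBuf>,
}

impl CheckedCtx {
    /// # Safety
    /// If `ptr` is non-null it must point to a `RawBuf` that outlives the returned value.
    pub unsafe fn new(ptr: *mut RawBuf) -> Option<Self> {
        NonNull::new(ptr).map(|buf| Self { buf })
    }

    pub fn len(&self) -> u32 {
        // Non-null is guaranteed by the type; validity by the contract of `new`.
        unsafe { self.buf.as_ref().len }
    }
}

fn main() {
    let mut raw = RawBuf { len: 1500 }; // constructed sample value
    let ctx = unsafe { CheckedCtx::new(&mut raw) }.expect("non-null");
    println!("len = {}", ctx.len());
    // Null is rejected at construction instead of being dereferenced later.
    assert!(unsafe { CheckedCtx::new(core::ptr::null_mut()) }.is_none());
    // Safe code can still write this, which is what makes the first type unsound:
    let _bad = UnsoundCtx { buf: core::ptr::null_mut() }; // `_bad.len()` would be UB
}
```

A null check alone does not prove the pointer is valid, which is why the constructor stays `unsafe` and documents the caller's obligation.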