Fix UB and dangerous casting in the pubsub framework by Smjert · Pull Request #6...
source link: https://github.com/osquery/osquery/pull/6881
- Downcasting a shared_ptr to a type T2 that's not a derived class or a base class of T1,
  even if they share the same base class B, is undefined behaviour.
  For instance BPFEventPublisher inherits from EventPublisher<BPFEventSC,BPFEventEC>,
  which is a template that inherits from EventPublisherPlugin, which
  further inherits from Plugin.
  The register function was called passing an instance of std::shared_ptr
  which was implicitly upcasted to std::shared_ptr as the
  function parameter.
  Then such parameter was downcasted to std::shared_ptr
  (which was fine), then further downcasted to std::shared_ptr
  which actually was std::shared_ptr<EventPublisher<SubscriptionContext, EventContext>>.
  Although the two EventPublisher template parameters are base classes
  of BPFEventSC and BPFEventEC, the resulting concrete EventPublisher
  class is not related to BPFEventPublisher, so this is UB.
  This was done in an attempt to have a common type for all publishers
  to be used to store them into a std::map. Instead of using such type,
  use EventPublisherPlugin.
  A very similar thing happens with subscribers.
- Fix an incorrect success when a std::shared_ptr
  fails to be downcasted to a std::shared_ptr,
  in EventFactory::registerEventPublisher.
- Substitute dangerous reinterpret_cast on a pointer to a member function
  callback in EventSubscriber::subscribe with a safer approach
  which uses a lambda that captures the object it has to call the callback on
  and properly converts the arguments, downcasting them to the appropriate type.
  Also remove a redundant template parameter.
- Add a virtual destructor to SubscriptionContext and EventContext
  structs since they are inherited from
  and used in a polymorphic context as pointers.