fix(userspace/libsinsp/parsers): guard against invalid cmsg_len values

[ekoops]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind test

/kind feature

/kind sync

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

This PR guards against invalid cmsg_len values while accessing control messages in ancillary data. This is achieved by checking there is enough space between the current control message and the end of the buffer to hold both the current control message and the next one.

This change sync the implementation of ppm_cmsg_nxthdr() with the current glibc implementation:
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/cmsg_nxthdr.c;h=0e602a16053ed6742ea1556d75de8540e49157f1;hb=170550da27f68a08589e91b541883dcc58dee640

Which issue(s) this PR fixes:

Fixes #2765

Special notes for your reviewer:

/milestone 0.24.0

This also handles the case in #2764 . To understand why, let's analyze the scenario with the new implementation. In the following, I'm assuming sizeof(size_t) => 8, so sizeof(cmsghdr) => 16.

Given cmsg_len => 0xFFFFFFFFFFFFFFFF, then __CMSG_PADDING(cmsg_len) => 1, so size_needed => sizeof(size_t) + __CMSG_PADDING(cmsg_len) => 17.

Now, remaining_room is defined as the distance between the beginning of the current control message and the end of all control messages. It is defined in the following way:

const size_t remaining_room = static_cast<size_t>(msg_control + msg_controllen - reinterpret_cast<char *>(cmsg));

Notice that this value is positive, because cmsg is by construction a pointer laying on the region [msg_control, msg_control + msg_controllen].

We detect two failing cases:

• remaining_room < size_needed - not important for this analysis
• remaining_room - size_needed < cmsg_len - notice that this case is evaluated only if remaining_room >= size_needed; this means that must always be remaining_room - size_needed >= 0. For our analysis, here we have something positive < 0xFFFFFFFFFFFFFFFF, which is clearly true, preventing returning a non-NULL value

Hope this analysis helps reviewers.

Does this PR introduce a user-facing change?:

NONE

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ekoops

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ekoops]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ekoops]

CC @fremmi , @deepskyblue86 , @terror96

[github-actions]

Perf diff from master - unit tests

    16.93%     -6.31%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_add_ref_lock_nothrow()
     8.31%     +4.78%  [.] std::__shared_count<(__gnu_cxx::_Lock_policy)2>::_M_get_use_count() const
     6.74%     +2.56%  [.] sinsp_threadinfo::update_main_fdtable()
    13.31%     +1.67%  [.] std::__shared_ptr<sinsp_threadinfo, (__gnu_cxx::_Lock_policy)2>::__shared_ptr(std::__weak_ptr<sinsp_threadinfo, (__gnu_cxx::_Lock_policy)2> const&, std::nothrow_t)
     9.69%     -1.33%  [.] sinsp_threadinfo::get_fd_table()
    10.11%     -0.73%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release()
    11.81%     -0.39%  [.] sinsp_threadinfo::get_main_thread()
     0.41%     -0.24%  [.] scap_event_encode_params_v
     3.73%     -0.20%  [.] sinsp_thread_manager::create_thread_dependencies(std::shared_ptr<sinsp_threadinfo> const&)
     0.04%     +0.10%  [.] bool std::operator==<char, std::char_traits<char>, std::allocator<char> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)

Heap diff from master - unit tests

peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Benchmarks diff from master

Comparing gbench_data.json to /root/actions-runner/_work/libs/libs/build/gbench_data.json
Benchmark                                                         Time             CPU      Time Old      Time New       CPU Old       CPU New
----------------------------------------------------------------------------------------------------------------------------------------------
BM_sinsp_split_mean                                            -0.0142         -0.0142           239           235           239           235
BM_sinsp_split_median                                          -0.0149         -0.0149           239           235           239           235
BM_sinsp_split_stddev                                          -0.5351         -0.5295             2             1             2             1
BM_sinsp_split_cv                                              -0.5284         -0.5227             0             0             0             0
BM_sinsp_concatenate_paths_relative_path_mean                  -0.1008         -0.1007            76            69            76            69
BM_sinsp_concatenate_paths_relative_path_median                -0.1040         -0.1040            76            68            76            68
BM_sinsp_concatenate_paths_relative_path_stddev                -0.0095         -0.0085             1             1             1             1
BM_sinsp_concatenate_paths_relative_path_cv                    +0.1015         +0.1025             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_mean                     +0.0077         +0.0077            41            42            41            42
BM_sinsp_concatenate_paths_empty_path_median                   -0.0125         -0.0125            42            42            42            42
BM_sinsp_concatenate_paths_empty_path_stddev                   -0.8392         -0.8390             1             0             1             0
BM_sinsp_concatenate_paths_empty_path_cv                       -0.8404         -0.8402             0             0             0             0
BM_sinsp_concatenate_paths_absolute_path_mean                  -0.0754         -0.0754            74            69            74            69
BM_sinsp_concatenate_paths_absolute_path_median                -0.0758         -0.0758            74            69            74            69
BM_sinsp_concatenate_paths_absolute_path_stddev                -0.8396         -0.8394             1             0             1             0
BM_sinsp_concatenate_paths_absolute_path_cv                    -0.8266         -0.8263             0             0             0             0

[codecov]

Codecov Report

❌ Patch coverage is 0% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.57%. Comparing base (9e6a8cc) to head (cdf0efb).

Files with missing lines	Patch %	Lines
userspace/libsinsp/parsers.cpp	0.00%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2768      +/-   ##
==========================================
- Coverage   74.57%   74.57%   -0.01%     
==========================================
  Files         292      292              
  Lines       30026    30027       +1     
  Branches     4658     4656       -2     
==========================================
  Hits        22392    22392              
- Misses       7634     7635       +1     

Flag	Coverage Δ
libsinsp	74.57% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[terror96]

Suggested change

	// There isn't enough space between cmsg and the end of the buffer to hold the current cmsg
	// Check that there is enough space between cmsg and the end of the buffer to hold the current cmsg