Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/net/route: ParseRIB panics on message from Darwin #70528

Open
raggi opened this issue Nov 22, 2024 · 6 comments
Open

x/net/route: ParseRIB panics on message from Darwin #70528

raggi opened this issue Nov 22, 2024 · 6 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Darwin
Milestone
Unreleased

Comments

@raggi
Copy link
Contributor

raggi commented Nov 22, 2024
edited
Loading

Go version

go1.23.3 & golang.org/x/[email protected]

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/raggi/Library/Caches/go-build'
GOENV='/Users/raggi/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/raggi/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/raggi/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/Users/raggi/.cache/tailscale-go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/Users/raggi/.cache/tailscale-go/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.23.1'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/Users/raggi/Library/Application Support/go/telemetry'
GCCGO='gccgo'
GOARM64='v8.0'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/bb/dyr_1n6j575g8nq85nmnfbt00000gn/T/go-build3032505426=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

Seen from tailscale client, usage at https://github.com/tailscale/tailscale/blob/8e5cfbe4ab11713e383b3ff0d978f116320de2a3/net/netmon/netmon_darwin.go#L59

What did you see happen?

2024-11-22T19:46:58Z	panic: runtime error: slice bounds out of range [8:0]
2024-11-22T19:46:58Z	
2024-11-22T19:46:58Z	goroutine 75 [running]:
2024-11-22T19:46:58Z	golang.org/x/net/route.parseInetAddr(0x14000582dc8?, {0x1400024e090, 0x14000f38480?, 0x788})
2024-11-22T19:46:58Z	golang.org/x/[email protected]/route/address.go:203 +0x280
2024-11-22T19:46:58Z	golang.org/x/net/route.parseAddrs(0x15, 0x1033fb958, {0x1400024e074, 0x34, 0x7a4})
2024-11-22T19:46:58Z	golang.org/x/[email protected]/route/address.go:408 +0xd8
2024-11-22T19:46:58Z	golang.org/x/net/route.(*wireFormat).parseRouteMessage(0x1400012a018, 0x140003f8008?, {0x1400024e018, 0x90, 0x800})
2024-11-22T19:46:58Z	golang.org/x/[email protected]/route/route_classic.go:70 +0x2b8
2024-11-22T19:46:58Z	golang.org/x/net/route.ParseRIB(0x1, {0x1400024e018?, 0x14000f38380?, 0x140001105b0?})
2024-11-22T19:46:58Z	golang.org/x/[email protected]/route/message.go:55 +0x194
2024-11-22T19:46:58Z	tailscale.com/net/netmon.(*darwinRouteMon).Receive(0x1400024e008)
2024-11-22T19:46:58Z	[email protected]/net/netmon/netmon_darwin.go:59 +0x60
2024-11-22T19:46:58Z	tailscale.com/net/netmon.(*Monitor).pump(0x140001821c0)
2024-11-22T19:46:58Z	[email protected]/net/netmon/netmon.go:346 +0x78
2024-11-22T19:46:58Z	created by tailscale.com/net/netmon.(*Monitor).Start in goroutine 17
2024-11-22T19:46:58Z	[email protected]/net/netmon/netmon.go:265 +0x1b8

What did you expect to see?

No panic.

Related issue: #44740
Related change: hurricanehrndz/golang-net@61924c1
@gabyhelp
Copy link

Related Issues

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@bradfitz
Copy link
Contributor

cc @hurricanehrndz

@hurricanehrndz
Copy link

Thanks, I will take a look at this on the weekend.

@dmitshur dmitshur added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 22, 2024
@dmitshur dmitshur added this to the Unreleased milestone Nov 22, 2024
@hurricanehrndz
Copy link

@raggi do you have the bytes array so that I can write up a test for this?

@raggi
Copy link
Contributor Author

raggi commented Nov 22, 2024

@hurricanehrndz I'm working on getting that, in the meantime this should be sufficient defense: https://github.com/golang/net/compare/master...raggi:raggi/darwin-rib-parse?expand=1

@raggi raggi mentioned this issue Nov 22, 2024
Open
raggi added a commit to tailscale/tailscale that referenced this issue Nov 22, 2024
@raggi
net/netmon: catch ParseRIB panic to gather buffer data
f6d0412 
Updates #14201
Updates golang/go#70528

Signed-off-by: James Tucker <[email protected]>
@raggi raggi mentioned this issue Nov 22, 2024
Merged
@hurricanehrndz
Copy link

@raggi yeah that looks good.

raggi added a commit to tailscale/tailscale that referenced this issue Nov 22, 2024
@raggi
net/netmon: catch ParseRIB panic to gather buffer data
f643118 
Updates #14201
Updates golang/go#70528

Signed-off-by: James Tucker <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Darwin
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@raggi @bradfitz @dmitshur @hurricanehrndz @gabyhelp