Skip to content

Maybe multiple unsound problem in c_api #1305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lwz23 opened this issue Dec 9, 2024 · 4 comments
Open

Maybe multiple unsound problem in c_api #1305

lwz23 opened this issue Dec 9, 2024 · 4 comments

Comments

@lwz23
Copy link

lwz23 commented Dec 9, 2024

hello, thank you for your contribution in this project, I am scanning the unsoundness problem in rust project.
I notice the following code:

pub fn create_rmstring(
    ctx: *mut rawmod::RedisModuleCtx,
    from_str: &str,
    str: *mut *mut rawmod::RedisModuleString,
) -> c_int {
    if let Ok(s) = CString::new(from_str) {
        let p = s.as_bytes_with_nul().as_ptr().cast::<c_char>();
        let len = s.as_bytes().len();
        unsafe { *str = rawmod::RedisModule_CreateString.unwrap()(ctx, p, len) };
        return Status::Ok as c_int;
    }
    Status::Err as c_int
}

Considering pub mod c_api and this is a pub function, I assume user can directly call to this function, if it's this case , I think there may exist a unsound problem in this code, eg. maybe str is null? It will lead to UB. I suggest mark this function as unsafe or add additional check to varify the pointer. I chose to report this issue for security reasons, but don't mind if the function is not intended for external use and should be marked as pub(crate), or if this is an error report and there is actually no unsound problem.
@lwz23
Copy link
Author

lwz23 commented Dec 11, 2024

maybe same problem for

RedisJSON/redis_json/src/c_api.rs

Line 211 in 93d8c18

pub fn set_string(from_str: &str, str: *mut *const c_char, len: *mut size_t) -> c_int {

it checked str is not null but didn't check len is not null

@lwz23
Copy link
Author

lwz23 commented Dec 24, 2024

ping

@lwz23
Copy link
Author

lwz23 commented Dec 24, 2024

maybe same problem for

RedisJSON/redis_json/src/c_api.rs

Line 93 in 93d8c18

pub fn json_api_get_at<M: Manager>(_: M, json: *const c_void, index: size_t) -> *const c_void {

RedisJSON/redis_json/src/c_api.rs

Line 104 in 93d8c18

pub fn json_api_get_len<M: Manager>(_: M, json: *const c_void, count: *mut libc::size_t) -> c_int {

RedisJSON/redis_json/src/c_api.rs

Line 120 in 93d8c18

pub fn json_api_get_type<M: Manager>(_: M, json: *const c_void) -> c_int {

RedisJSON/redis_json/src/c_api.rs

Line 124 in 93d8c18

pub fn json_api_get_string<M: Manager>(

RedisJSON/redis_json/src/c_api.rs

Line 141 in 93d8c18

pub fn json_api_get_json<M: Manager>(

RedisJSON/redis_json/src/c_api.rs

Line 152 in 93d8c18

pub fn json_api_get_json_from_iter<M: Manager>(

RedisJSON/redis_json/src/c_api.rs

Line 169 in 93d8c18

pub fn json_api_get_int<M: Manager>(_: M, json: *const c_void, val: *mut c_longlong) -> c_int {

RedisJSON/redis_json/src/c_api.rs

Line 181 in 93d8c18

pub fn json_api_get_double<M: Manager>(_: M, json: *const c_void, val: *mut c_double) -> c_int {

RedisJSON/redis_json/src/c_api.rs

Line 197 in 93d8c18

pub fn json_api_get_boolean<M: Manager>(_: M, json: *const c_void, val: *mut c_int) -> c_int {

RedisJSON/redis_json/src/c_api.rs

Line 211 in 93d8c18

pub fn set_string(from_str: &str, str: *mut *const c_char, len: *mut size_t) -> c_int {

.......................
In fact, I recommend that all pub functions that accept a bare pointer as an argument be marked as unsafe or adequately checked for validity..... Since most of these codes are likely to be used only internally, I recommend marking them as unsafe or declaring them as pub(crate)

@lwz23 lwz23 changed the title Maybe unsound in c_api::create_rmstring Maybe multiple unsound problem in c_api Dec 24, 2024
@eranhd
Copy link
Collaborator

eranhd commented Dec 24, 2024

@lwz23 Thank you for your recommendation. We will review it, make the necessary changes, and address it accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eranhd @lwz23