Fix bugs in network_socket_receive_from.

hlef · davidchisnall · commit 6101271742a1 · 2024-04-10T14:13:50.000+01:00
A few things are wrong with `network_socket_receive_from`:

- We claim `unclaimedBuffer` but don't unclaim it on error paths, thus
  leaking the buffer.
- The `check_pointer` for `port` is done on `address`, likely due to a
  copy/paste issue.
- The `if (received &gt; 0)` before setting `buffer` is redundant as we
  already checked this a few lines earlier.
- We don't document that the UDP packet will be dropped if an error
  occurs in this function (timeout, permissions, etc.).
- The documentation of error codes is incomplete.

Address all these issues.

Signed-off-by: Hugo Lefeuvre &lt;hugo.lefeuvre@scisemi.com&gt;
diff --git a/include/NetAPI.h b/include/NetAPI.h
@@ -180,8 +180,13 @@ int __cheri_compartment("TCPIP")
  * The `bytesReceived` field of the result will be negative if an error
  * occurred.  The `buffer` field will be null if no data were received.
  *
+ * Note that errors occuring in this function (particularly timeout and invalid
+ * `address` or `port` pointers) may cause UDP packets to be dropped.
+ *
  * The negative values will be errno values:
  *
+ *  - `-ENOMEM`: The allocation quota is insufficient to hold the packet.
+ *  - `-EPERM`: The `address` and/or `port` pointers are invalid.
  *  - `-EINVAL`: The socket is not valid.
  *  - `-ETIMEDOUT`: The timeout was reached before data could be received.
  *  - `-ENOTCONN`: The socket is not connected.
diff --git a/lib/tcpip/network_wrapper.cc b/lib/tcpip/network_wrapper.cc
@@ -667,23 +667,26 @@ NetworkReceiveResult network_socket_receive_from(Timeout *timeout,
 			                                                       FREERTOS_ZERO_COPY,
 			                                                       &remoteAddress,
 			                                                       &remoteAddressLength);
-            });
-		   if (received > 0)
+            } /* with_freertos_timeout */);
+          if (received > 0)
           {
-              ssize_t claimed = heap_claim(mallocCapability, unclaimedBuffer);
-              Debug::log(
-			     "Claimed {} bytes for {}-byte buffer", claimed, received);
+              Claim c{mallocCapability, unclaimedBuffer};
               FreeRTOS_ReleaseUDPPayloadBuffer(unclaimedBuffer);
-              if (claimed <= 0)
+              if (!c)
               {
+                  Debug::log("Failed to claim socket.");
                   return -ENOMEM;
               }
+
+              Debug::log("Claimed {}-byte buffer", received);
               Capability claimedBuffer{unclaimedBuffer};
               claimedBuffer.bounds() = received;
+
               if (heap_claim_fast(timeout, address, port) < 0)
               {
                   return -ETIMEDOUT;
               }
+
               if (address != nullptr)
               {
                   if (!check_pointer<PermissionSet{Permission::Store}>(address))
@@ -705,19 +708,18 @@ NetworkReceiveResult network_socket_receive_from(Timeout *timeout,
               }
               if (port != nullptr)
               {
-                  if (!check_pointer<PermissionSet{Permission::Store}>(address))
+                  if (!check_pointer<PermissionSet{Permission::Store}>(port))
                   {
                       return -EPERM;
                   }
                   *port = FreeRTOS_ntohs(remoteAddress.sin_port);
               }
-              if (received > 0)
-              {
-                  buffer = claimedBuffer;
-                  return received;
-              }
+
+              buffer = claimedBuffer;
+              c.release();
+              return received;
           }
-          else if (received < 0)
+          if (received < 0)
           {
               if (received == -pdFREERTOS_ERRNO_ENOTCONN)
               {
@@ -728,12 +730,13 @@ NetworkReceiveResult network_socket_receive_from(Timeout *timeout,
               {
                   return -ETIMEDOUT;
               }
+
               // Something went wrong?
               Debug::log("Receive failed with unexpected error: {}", received);
               return -EINVAL;
           }
-          return received;
-	   },
+          return received; // We had `received` == 0.
+	   } /* with_sealed_socket */,
 	   socket);
 	return {result, buffer};
 }

Original file line number	Diff line number	Diff line change
`@@ -180,8 +180,13 @@ int __cheri_compartment("TCPIP")`
`180`	`180`	* The `bytesReceived` field of the result will be negative if an error
`181`	`181`	* occurred. The `buffer` field will be null if no data were received.
`182`	`182`	`*`
	`183`	`+ * Note that errors occuring in this function (particularly timeout and invalid`
	`184`	+ * `address` or `port` pointers) may cause UDP packets to be dropped.
	`185`	`+ *`
`183`	`186`	`* The negative values will be errno values:`
`184`	`187`	`*`
	`188`	+ * - `-ENOMEM`: The allocation quota is insufficient to hold the packet.
	`189`	+ * - `-EPERM`: The `address` and/or `port` pointers are invalid.
`185`	`190`	* - `-EINVAL`: The socket is not valid.
`186`	`191`	* - `-ETIMEDOUT`: The timeout was reached before data could be received.
`187`	`192`	* - `-ENOTCONN`: The socket is not connected.
Original file line number	Diff line number	Diff line change
`@@ -667,23 +667,26 @@ NetworkReceiveResult network_socket_receive_from(Timeout *timeout,`
`667`	`667`	`FREERTOS_ZERO_COPY,`
`668`	`668`	`&remoteAddress,`
`669`	`669`	`&remoteAddressLength);`
`670`		`- });`
`671`		`- if (received > 0)`
	`670`	`+ } /* with_freertos_timeout */);`
	`671`	`+ if (received > 0)`
`672`	`672`	`{`
`673`		`- ssize_t claimed = heap_claim(mallocCapability, unclaimedBuffer);`
`674`		`- Debug::log(`
`675`		`- "Claimed {} bytes for {}-byte buffer", claimed, received);`
	`673`	`+ Claim c{mallocCapability, unclaimedBuffer};`
`676`	`674`	`FreeRTOS_ReleaseUDPPayloadBuffer(unclaimedBuffer);`
`677`		`- if (claimed <= 0)`
	`675`	`+ if (!c)`
`678`	`676`	`{`
	`677`	`+ Debug::log("Failed to claim socket.");`
`679`	`678`	`return -ENOMEM;`
`680`	`679`	`}`
	`680`	`+`
	`681`	`+ Debug::log("Claimed {}-byte buffer", received);`
`681`	`682`	`Capability claimedBuffer{unclaimedBuffer};`
`682`	`683`	`claimedBuffer.bounds() = received;`
	`684`	`+`
`683`	`685`	`if (heap_claim_fast(timeout, address, port) < 0)`
`684`	`686`	`{`
`685`	`687`	`return -ETIMEDOUT;`
`686`	`688`	`}`
	`689`	`+`
`687`	`690`	`if (address != nullptr)`
`688`	`691`	`{`
`689`	`692`	`if (!check_pointer<PermissionSet{Permission::Store}>(address))`
`@@ -705,19 +708,18 @@ NetworkReceiveResult network_socket_receive_from(Timeout *timeout,`
`705`	`708`	`}`
`706`	`709`	`if (port != nullptr)`
`707`	`710`	`{`
`708`		`- if (!check_pointer<PermissionSet{Permission::Store}>(address))`
	`711`	`+ if (!check_pointer<PermissionSet{Permission::Store}>(port))`
`709`	`712`	`{`
`710`	`713`	`return -EPERM;`
`711`	`714`	`}`
`712`	`715`	`*port = FreeRTOS_ntohs(remoteAddress.sin_port);`
`713`	`716`	`}`
`714`		`- if (received > 0)`
`715`		`- {`
`716`		`- buffer = claimedBuffer;`
`717`		`- return received;`
`718`		`- }`
	`717`	`+`
	`718`	`+ buffer = claimedBuffer;`
	`719`	`+ c.release();`
	`720`	`+ return received;`
`719`	`721`	`}`
`720`		`- else if (received < 0)`
	`722`	`+ if (received < 0)`
`721`	`723`	`{`
`722`	`724`	`if (received == -pdFREERTOS_ERRNO_ENOTCONN)`
`723`	`725`	`{`
`@@ -728,12 +730,13 @@ NetworkReceiveResult network_socket_receive_from(Timeout *timeout,`
`728`	`730`	`{`
`729`	`731`	`return -ETIMEDOUT;`
`730`	`732`	`}`
	`733`	`+`
`731`	`734`	`// Something went wrong?`
`732`	`735`	`Debug::log("Receive failed with unexpected error: {}", received);`
`733`	`736`	`return -EINVAL;`
`734`	`737`	`}`
`735`		`- return received;`
`736`		`- },`
	`738`	+ return received; // We had `received` == 0.
	`739`	`+ } /* with_sealed_socket */,`
`737`	`740`	`socket);`
`738`	`741`	`return {result, buffer};`
`739`	`742`	`}`