otbr: improve validation of OTBR settings file#4413
Draft
Conversation
The current validation only checks if ACTIVE_DATASET (0x1) is present in the settings files. However, this can incorrectly match on data that doesn't contain Thread TLVs, but also for ephemeral data (boot time marker) created by OpenThread's TmpStorage [1], as seen in this hexdump of the file: ``` 00000000: 0100 0800 b477 8b69 0000 0000 0200 1000 .....w.i........ ``` To make the check more robust, check not only for the key, but also for value length, which should normally be larger than time_t. [1] https://github.com/openthread/openthread/blob/thread-reference-20250612/src/posix/platform/tmp_storage.cpp#L75
Member
Author
|
This is to mitigate problem stemming from the issue described in #4412. Since these two PRs are in collision, and maybe the validation might not be ideal, I'm submitting it only as draft now, but will update the changelog and version once the other PR is merged or once it's the solution is approved. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The current validation only checks if ACTIVE_DATASET (0x1) is present in the settings files. However, this can incorrectly match on data that doesn't contain Thread TLVs, but also for ephemeral data (boot time marker) created by OpenThread's TmpStorage [1], as seen in this hexdump of the file:
To make the check more robust, check not only for the key, but also for value length, which should normally be larger than time_t.
[1] https://github.com/openthread/openthread/blob/thread-reference-20250612/src/posix/platform/tmp_storage.cpp#L75