Skip to content

Fix undefined behavior in dnscache.c resolveAddr #177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rgerhards wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix undefined behavior in dnscache.c resolveAddr #177

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7bb8fe4
Fix undefined behavior in resolveAddr() when calling tolower()
google-labs-jules[bot] Feb 15, 2026
b11adf4
Fix undefined behavior in imptcp and omfile with ctype functions
google-labs-jules[bot] Feb 16, 2026
7246cf5
Fix CI download failures by verifying cached archive integrity
google-labs-jules[bot] Feb 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions plugins/imptcp/imptcp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1053,7 +1053,7 @@ static rsRetVal ATTR_NONNULL(1, 2) processDataRcvd(ptcpsess_t *const __restrict_
}

if (pThis->inputState == eAtStrtFram) {
if (pThis->bSuppOctetFram && isdigit((int)c)) {
if (pThis->bSuppOctetFram && isdigit((unsigned char)c)) {
pThis->inputState = eInOctetCnt;
pThis->iOctetsRemain = 0;
pThis->eFraming = TCP_FRAMING_OCTET_COUNTING;
Expand All @@ -1075,7 +1075,7 @@ static rsRetVal ATTR_NONNULL(1, 2) processDataRcvd(ptcpsess_t *const __restrict_
int lenPeerName = 0;
uchar *propPeerIP = NULL;
int lenPeerIP = 0;
if (isdigit(c)) {
if (isdigit((unsigned char)c)) {
if (pThis->iOctetsRemain <= 200000000) {
pThis->iOctetsRemain = pThis->iOctetsRemain * 10 + c - '0';
}
Expand Down
2 changes: 1 addition & 1 deletion runtime/dnscache.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -310,7 +310,7 @@ static rsRetVal ATTR_NONNULL() resolveAddr(struct sockaddr_storage *addr, dnscac
} else { /* we have a valid entry, so let's create the respective properties */
fqdnLen = strlen(fqdnBuf);
prop.CreateStringProp(&etry->fqdn, (uchar *)fqdnBuf, fqdnLen);
for (i = 0; i < fqdnLen; ++i) fqdnBuf[i] = tolower(fqdnBuf[i]);
for (i = 0; i < fqdnLen; ++i) fqdnBuf[i] = tolower((unsigned char)fqdnBuf[i]);
Copy link

@cubic-dev-ai cubic-dev-ai bot Feb 15, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Rule violated: Code Quality Guard

SLOP_SCORE: High — This patch fixes tolower() UB only in dnscache.c but leaves the identical bug unfixed in 4 other runtime/ files (net.c:1171, tcpsrv.c:752, srutils.c:597, msg.c:4097). The (int) casts used in some of those files are also insufficient to prevent UB with negative char values — only (unsigned char) is correct. An AI-generated patch that claims to fix a class of UB but addresses a single instance is incomplete and sloppy.

Metric Score
AI_PROBABILITY 95%
POLICY_COMPLIANCE 60%
SLOP_SCORE 70%
Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At runtime/dnscache.c, line 313:

<comment>**SLOP_SCORE: High** — This patch fixes `tolower()` UB only in `dnscache.c` but leaves the identical bug unfixed in 4 other `runtime/` files (`net.c:1171`, `tcpsrv.c:752`, `srutils.c:597`, `msg.c:4097`). The `(int)` casts used in some of those files are also insufficient to prevent UB with negative `char` values — only `(unsigned char)` is correct. An AI-generated patch that claims to fix a class of UB but addresses a single instance is incomplete and sloppy.

| Metric | Score |
|---|---|
| AI_PROBABILITY | 95% |
| POLICY_COMPLIANCE | 60% |
| SLOP_SCORE | 70% |</comment>

<file context>
@@ -310,7 +310,7 @@ static rsRetVal ATTR_NONNULL() resolveAddr(struct sockaddr_storage *addr, dnscac
                 fqdnLen = strlen(fqdnBuf);
                 prop.CreateStringProp(&etry->fqdn, (uchar *)fqdnBuf, fqdnLen);
-                for (i = 0; i < fqdnLen; ++i) fqdnBuf[i] = tolower(fqdnBuf[i]);
+                for (i = 0; i < fqdnLen; ++i) fqdnBuf[i] = tolower((unsigned char)fqdnBuf[i]);
                 prop.CreateStringProp(&etry->fqdnLowerCase, (uchar *)fqdnBuf, fqdnLen);
             }
</file context>
Fix with Cubic

prop.CreateStringProp(&etry->fqdnLowerCase, (uchar *)fqdnBuf, fqdnLen);
}
}
Expand Down
154 changes: 88 additions & 66 deletions tests/diag.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2463,51 +2463,78 @@ otel_exit_handling() {
fi
}

# Helper function to download and verify a tgz file
# $1 - URL
# $2 - Destination file
# $3 - Descriptive name
download_and_verify_tgz() {
local url="$1"
local dest="$2"
local name="$3"
local retries=3
local i=0

# If file exists, verify integrity
if [ -f "$dest" ]; then
if gzip -t "$dest" >/dev/null 2>&1; then
printf '%s: satisfying dependency from cache %s\n' "$name" "$dest"
return 0
else
printf '%s: cached file %s is corrupted, removing it.\n' "$name" "$dest"
rm -f "$dest"
fi
fi

# Download loop
while [ $i -lt $retries ]; do
printf '%s: downloading from %s (attempt %d/%d)\n' "$name" "$url" "$((i+1))" "$retries"
if wget -q -O "$dest" "$url"; then
if [ -f "$dest" ] && gzip -t "$dest" >/dev/null 2>&1; then
return 0
else
printf '%s: downloaded file verification failed, retrying...\n' "$name"
fi
else
printf '%s: wget failed, retrying...\n' "$name"
fi
rm -f "$dest"
((i++))
Copy link

@cubic-dev-ai cubic-dev-ai bot Feb 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: ((i++)) returns exit status 1 when i is 0 (post-increment evaluates to 0). This will cause premature script termination if set -e is ever enabled. Use i=$((i + 1)) instead for safe arithmetic increment.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At tests/diag.sh, line 2501:

<comment>`((i++))` returns exit status 1 when `i` is 0 (post-increment evaluates to 0). This will cause premature script termination if `set -e` is ever enabled. Use `i=$((i + 1))` instead for safe arithmetic increment.</comment>

<file context>
@@ -2463,51 +2463,78 @@ otel_exit_handling() {
+			printf '%s: wget failed, retrying...\n' "$name"
+		fi
+		rm -f "$dest"
+		((i++))
+		$TESTTOOL_DIR/msleep 2000
+	done
</file context>
Suggested change
((i++))
i=$((i + 1))
Fix with Cubic

$TESTTOOL_DIR/msleep 2000
Copy link

@cubic-dev-ai cubic-dev-ai bot Feb 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: $TESTTOOL_DIR/msleep 2000 is used without checking if TESTTOOL_DIR is set or msleep exists. Other code in this diff defensively falls back to sleep. Add a similar guard here to avoid breaking the retry loop.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At tests/diag.sh, line 2502:

<comment>`$TESTTOOL_DIR/msleep 2000` is used without checking if `TESTTOOL_DIR` is set or `msleep` exists. Other code in this diff defensively falls back to `sleep`. Add a similar guard here to avoid breaking the retry loop.</comment>

<file context>
@@ -2463,51 +2463,78 @@ otel_exit_handling() {
+		fi
+		rm -f "$dest"
+		((i++))
+		$TESTTOOL_DIR/msleep 2000
+	done
+
</file context>
Fix with Cubic

done

printf '%s: failed to download valid archive after %d attempts\n' "$name" "$retries"
return 1
}

download_kafka() {
if [ ! -d $dep_cache_dir ]; then
echo "Creating dependency cache dir $dep_cache_dir"
mkdir $dep_cache_dir
fi
if [ ! -f $dep_zk_cached_file ]; then
if [ -f /local_dep_cache/$RS_ZK_DOWNLOAD ]; then
printf 'Zookeeper: satisfying dependency %s from system cache.\n' "$RS_ZK_DOWNLOAD"
cp /local_dep_cache/$RS_ZK_DOWNLOAD $dep_zk_cached_file
else
echo "Downloading zookeeper from $dep_zk_url"
echo wget -q $dep_zk_url -O $dep_zk_cached_file
wget -q $dep_zk_url -O $dep_zk_cached_file
if [ $? -ne 0 ]
then
echo error during wget, retry:
wget $dep_zk_url -O $dep_zk_cached_file
if [ $? -ne 0 ]
then
echo "Skipping test - unable to download zookeeper"
error_exit 77
fi
fi
fi
fi
if [ ! -f $dep_kafka_cached_file ]; then
if [ -f /local_dep_cache/$RS_KAFKA_DOWNLOAD ]; then
printf 'Kafka: satisfying dependency %s from system cache.\n' "$RS_KAFKA_DOWNLOAD"
cp /local_dep_cache/$RS_KAFKA_DOWNLOAD $dep_kafka_cached_file
else
echo "Downloading kafka from $dep_kafka_url"
wget -q $dep_kafka_url -O $dep_kafka_cached_file
if [ $? -ne 0 ]
then
echo error during wget, retry:
wget $dep_kafka_url -O $dep_kafka_cached_file
if [ $? -ne 0 ]
then
rm $dep_kafka_cached_file # a 0-size file may be left over
echo "Skipping test - unable to download kafka"
error_exit 77
fi
fi
fi
fi

# Zookeeper
if [ ! -f $dep_zk_cached_file ] && [ -f /local_dep_cache/$RS_ZK_DOWNLOAD ]; then
printf 'Zookeeper: satisfying dependency %s from system cache.\n' "$RS_ZK_DOWNLOAD"
cp /local_dep_cache/$RS_ZK_DOWNLOAD $dep_zk_cached_file
fi

download_and_verify_tgz "$dep_zk_url" "$dep_zk_cached_file" "Zookeeper"
if [ $? -ne 0 ]; then
echo "Skipping test - unable to download zookeeper"
error_exit 77
fi

# Kafka
if [ ! -f $dep_kafka_cached_file ] && [ -f /local_dep_cache/$RS_KAFKA_DOWNLOAD ]; then
printf 'Kafka: satisfying dependency %s from system cache.\n' "$RS_KAFKA_DOWNLOAD"
cp /local_dep_cache/$RS_KAFKA_DOWNLOAD $dep_kafka_cached_file
fi

download_and_verify_tgz "$dep_kafka_url" "$dep_kafka_cached_file" "Kafka"
if [ $? -ne 0 ]; then
echo "Skipping test - unable to download kafka"
error_exit 77
fi
}

stop_kafka() {
Expand Down Expand Up @@ -2915,15 +2942,17 @@ download_elasticsearch() {
echo "Creating dependency cache dir $dep_cache_dir"
mkdir $dep_cache_dir
fi
if [ ! -f $dep_es_cached_file ]; then
if [ -f /local_dep_cache/$ES_DOWNLOAD ]; then
printf 'ElasticSearch: satisfying dependency %s from system cache.\n' "$ES_DOWNLOAD"
cp /local_dep_cache/$ES_DOWNLOAD $dep_es_cached_file
else
dep_es_url="https://www.rsyslog.com/files/download/rsyslog/$ES_DOWNLOAD"
printf 'ElasticSearch: satisfying dependency %s from %s\n' "$ES_DOWNLOAD" "$dep_es_url"
wget -q $dep_es_url -O $dep_es_cached_file
fi

if [ ! -f $dep_es_cached_file ] && [ -f /local_dep_cache/$ES_DOWNLOAD ]; then
printf 'ElasticSearch: satisfying dependency %s from system cache.\n' "$ES_DOWNLOAD"
cp /local_dep_cache/$ES_DOWNLOAD $dep_es_cached_file
fi

dep_es_url="https://www.rsyslog.com/files/download/rsyslog/$ES_DOWNLOAD"
download_and_verify_tgz "$dep_es_url" "$dep_es_cached_file" "ElasticSearch"
if [ $? -ne 0 ]; then
echo "Skipping test - unable to download Elasticsearch"
error_exit 77
fi
}

Expand Down Expand Up @@ -3277,23 +3306,16 @@ download_otel_collector() {
echo "Creating dependency cache dir $dep_cache_dir"
mkdir -p $dep_cache_dir
fi
if [ ! -f $dep_otel_collector_cached_file ]; then
if [ -f /local_dep_cache/$OTEL_COLLECTOR_DOWNLOAD ]; then
printf 'OTEL Collector: satisfying dependency %s from system cache.\n' "$OTEL_COLLECTOR_DOWNLOAD"
cp /local_dep_cache/$OTEL_COLLECTOR_DOWNLOAD $dep_otel_collector_cached_file
else
printf 'OTEL Collector: downloading %s from %s\n' "$OTEL_COLLECTOR_DOWNLOAD" "$dep_otel_collector_url"
wget -q $dep_otel_collector_url -O $dep_otel_collector_cached_file
if [ $? -ne 0 ]; then
echo "error during wget, retry:"
wget $dep_otel_collector_url -O $dep_otel_collector_cached_file
if [ $? -ne 0 ]; then
rm -f $dep_otel_collector_cached_file
echo "Skipping test - unable to download OTEL Collector"
error_exit 77
fi
fi
fi

if [ ! -f $dep_otel_collector_cached_file ] && [ -f /local_dep_cache/$OTEL_COLLECTOR_DOWNLOAD ]; then
printf 'OTEL Collector: satisfying dependency %s from system cache.\n' "$OTEL_COLLECTOR_DOWNLOAD"
cp /local_dep_cache/$OTEL_COLLECTOR_DOWNLOAD $dep_otel_collector_cached_file
fi

download_and_verify_tgz "$dep_otel_collector_url" "$dep_otel_collector_cached_file" "OTEL Collector"
if [ $? -ne 0 ]; then
echo "Skipping test - unable to download OTEL Collector"
error_exit 77
fi
}

Expand Down
2 changes: 1 addition & 1 deletion tools/omfile.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1544,7 +1544,7 @@ BEGINnewActInst

int allWhiteSpace = 1;
for (const char *p = (const char *)pData->fname; *p; ++p) {
if (!isspace(*p)) {
if (!isspace((unsigned char)*p)) {
allWhiteSpace = 0;
break;
}
Expand Down
Loading