Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[configgrpc] fix integer overflow in grpc server configuration #10948

Merged
merged 4 commits into from
Aug 29, 2024
Merged

[configgrpc] fix integer overflow in grpc server configuration #10948

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
559b9c9
[configgrpc] fix integer overflow in configuration
codeboten Aug 22, 2024
446b443
Update .chloggen/codeboten_int64-int.yaml
codeboten Aug 22, 2024
04971f4
improve error message
codeboten Aug 22, 2024
1334e0f
Merge branch 'main' into codeboten/int64-int
codeboten Aug 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions .chloggen/codeboten_int64-int.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Use this changelog template to create an entry for release notes.

# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
change_type: bug_fix

# The name of the component, or a single word describing the area of concern, (e.g. otlpreceiver)
component: configgrpc

# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: Change the value of max_recv_msg_size_mib from uint64 to int to avoid a case where misconfiguration caused an integer overflow.

# One or more tracking issues or pull requests related to the change
issues: [10948]

# (Optional) One or more lines of additional information to render under the primary note.
# These lines will be padded with 2 spaces and then inserted directly into the document.
# Use pipe (|) for multiline entries.
subtext:

# Optional: The change log or logs in which this entry should be included.
# e.g. '[user]' or '[user, api]'
# Include 'user' if the change is relevant to end users.
# Include 'api' if there is a change to a library API.
# Default: '[user]'
change_logs: []
23 changes: 20 additions & 3 deletions config/configgrpc/configgrpc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"crypto/tls"
"errors"
"fmt"
"math"
"strings"
"time"

Expand Down Expand Up @@ -169,7 +170,7 @@ type ServerConfig struct {
TLSSetting *configtls.ServerConfig `mapstructure:"tls"`

// MaxRecvMsgSizeMiB sets the maximum size (in MiB) of messages accepted by the server.
MaxRecvMsgSizeMiB uint64 `mapstructure:"max_recv_msg_size_mib"`
MaxRecvMsgSizeMiB int `mapstructure:"max_recv_msg_size_mib"`

// MaxConcurrentStreams sets the limit on the number of concurrent streams to each ServerTransport.
// It has effect only for streaming RPCs.
Expand Down Expand Up @@ -320,6 +321,22 @@ func validateBalancerName(balancerName string) bool {
return balancer.Get(balancerName) != nil
}

func (gss *ServerConfig) Validate() error {
if gss.MaxRecvMsgSizeMiB*1024*1024 < 0 {
return fmt.Errorf("invalid max_recv_msg_size_mib value, must be between 1 and %d: %d", math.MaxInt/1024/1024, gss.MaxRecvMsgSizeMiB)
}

if gss.ReadBufferSize < 0 {
return fmt.Errorf("invalid read_buffer_size value: %d", gss.ReadBufferSize)
}

if gss.WriteBufferSize < 0 {
return fmt.Errorf("invalid write_buffer_size value: %d", gss.WriteBufferSize)
}

return nil
}

// ToServer returns a grpc.Server for the configuration
func (gss *ServerConfig) ToServer(_ context.Context, host component.Host, settings component.TelemetrySettings, extraOpts ...grpc.ServerOption) (*grpc.Server, error) {
opts, err := gss.toServerOption(host, settings)
Expand All @@ -346,8 +363,8 @@ func (gss *ServerConfig) toServerOption(host component.Host, settings component.
opts = append(opts, grpc.Creds(credentials.NewTLS(tlsCfg)))
}

if gss.MaxRecvMsgSizeMiB > 0 {
opts = append(opts, grpc.MaxRecvMsgSize(int(gss.MaxRecvMsgSizeMiB*1024*1024)))
if gss.MaxRecvMsgSizeMiB > 0 && gss.MaxRecvMsgSizeMiB*1024*1024 > 0 {
opts = append(opts, grpc.MaxRecvMsgSize(gss.MaxRecvMsgSizeMiB*1024*1024))
}

if gss.MaxConcurrentStreams > 0 {
Expand Down
52 changes: 52 additions & 0 deletions config/configgrpc/configgrpc_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,58 @@ func TestDefaultGrpcServerSettings(t *testing.T) {
assert.Len(t, opts, 3)
}

func TestGrpcServerValidate(t *testing.T) {
tests := []struct {
gss *ServerConfig
err string
}{
{
gss: &ServerConfig{
MaxRecvMsgSizeMiB: -1,
NetAddr: confignet.AddrConfig{
Endpoint: "0.0.0.0:1234",
},
},
err: "invalid max_recv_msg_size_mib value",
},
{
gss: &ServerConfig{
MaxRecvMsgSizeMiB: 9223372036854775807,
NetAddr: confignet.AddrConfig{
Endpoint: "0.0.0.0:1234",
},
},
err: "invalid max_recv_msg_size_mib value",
},
{
gss: &ServerConfig{
ReadBufferSize: -1,
NetAddr: confignet.AddrConfig{
Endpoint: "0.0.0.0:1234",
},
},
err: "invalid read_buffer_size value",
},
{
gss: &ServerConfig{
WriteBufferSize: -1,
NetAddr: confignet.AddrConfig{
Endpoint: "0.0.0.0:1234",
},
},
err: "invalid write_buffer_size value",
},
}

for _, tt := range tests {
t.Run(tt.err, func(t *testing.T) {
err := tt.gss.Validate()
assert.Error(t, err)
assert.Regexp(t, tt.err, err)
})
}
}

func TestAllGrpcServerSettingsExceptAuth(t *testing.T) {
gss := &ServerConfig{
NetAddr: confignet.AddrConfig{
Expand Down
Loading