Skip to content

mgmt: hawkbit: domain name buffer length and add check #89497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 27, 2025
Merged

mgmt: hawkbit: domain name buffer length and add check #89497

merged 4 commits into from
May 27, 2025

Conversation

nealjack
Copy link
Contributor

@nealjack nealjack commented May 5, 2025

This PR fixes the hb_cfg.server_addr buffer and adds a length check when setting this value.

Hawkbit uses DNS_MAX_NAME_SIZE for its internal buffer which is intended for a DNS response, not the query. By default DNS_MAX_NAME_SIZE is only 20 bytes and results in truncation for a domain name longer than that. For example, the domain name hawkbit.yourcompany.com would be truncated and fail to resolve. The Kconfig DNS_RESOLVER_MAX_QUERY_LEN is the correct macro to use here for a query, and is by default 256 bytes, in line with RFC1035.

Since DNS_RESOLVER_MAX_QUERY_LEN is adjustable, hawkbit_set_config also requires a length check to ensure that any domain name that is passed in can be fit in its internal buffer. This prevents silent truncation of the domain name.

@github-actions github-actions bot requested a review from maass-hamburg May 5, 2025 17:09
@nealjack nealjack mentioned this pull request May 5, 2025
Merged
maass-hamburg
maass-hamburg requested changes May 6, 2025
View reviewed changes
Copy link
Collaborator

@maass-hamburg maass-hamburg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also after line 287 in hawkbit.c
so that the length is not checkt that strict of the server_addr:
line 288: if (len > sizeof(hb_cfg.server_addr)) {
line 292: rc = read_cb(cb_arg, &hb_cfg.server_addr, len);

line 361: (void)cb("hawkbit/server_addr", &hb_cfg.server_addr, strlen(hb_cfg.server_addr));

@nealjack
mgmt: hawkbit: replace DNS_MAX_NAME_SIZE with DNS_RESOLVER_MAX_QUERY_LEN
6ccd7d4 
The hawkbit subsystem was erroneously using DNS_MAX_NAME_SIZE as the
maximum query length. This limited query strings to only 20 bytes,
truncating many domain names.

Signed-off-by: Neal Jackson <[email protected]>
@nealjack nealjack force-pushed the hawkbit_dns_len_fix branch from 7628398 to 588b472 Compare May 6, 2025 15:23
@maass-hamburg maass-hamburg changed the title fix hawkbit domain name buffer length and add check mgmt: hawkbit: domain name buffer length and add check May 6, 2025
maass-hamburg
maass-hamburg reviewed May 6, 2025
View reviewed changes
@nealjack nealjack force-pushed the hawkbit_dns_len_fix branch 2 times, most recently from 92a2b9c to 5e9ba77 Compare May 6, 2025 20:33
maass-hamburg
maass-hamburg reviewed May 7, 2025
View reviewed changes
@maass-hamburg maass-hamburg requested a review from rlubos May 7, 2025 08:27
maass-hamburg
maass-hamburg reviewed May 7, 2025
View reviewed changes
@nealjack
mgmt: hawkbit: add check for valid domain name length
3bbf005 
This commit adds a `strnlen` length check for `server_addr` to ensure that
it will not be truncated and result in a silent failure. Instead, the
call to `hawkbit_set_config` will return -EINVAL if the supplied
`server_addr` is too long for the internal buffer.

Signed-off-by: Neal Jackson <[email protected]>
@nealjack nealjack force-pushed the hawkbit_dns_len_fix branch from 5e9ba77 to d0510f4 Compare May 7, 2025 17:07
maass-hamburg
maass-hamburg requested changes May 7, 2025
View reviewed changes
@nealjack nealjack force-pushed the hawkbit_dns_len_fix branch from d0510f4 to d891ece Compare May 7, 2025 18:09
maass-hamburg
maass-hamburg requested changes May 7, 2025
View reviewed changes
nealjack added 2 commits May 7, 2025 12:45
@nealjack
mgmt: hawkbit: use sizeof in server_addr length checks
190ced5 
Simplify length checks by using sizeof for the server_addr array.

Signed-off-by: Neal Jackson <[email protected]>
@nealjack
mgmt: hawkbit: remove DNS_RESOLVER requirement for server_addr
acf4bee 
This commit removes the requirement for DNS_RESOLVER. If DNS_RESOLVER is
enabled, hawkbit uses `CONFIG_DNS_RESOLVER_MAX_QUERY_LEN` for the
server_addr buffer, if disabled it uses `CONFIG_INET6_ADDRSTRLEN`.
This adheres to zephyrproject-rtos#89533 which removes the requirement for DNS_RESOLVER.

Signed-off-by: Neal Jackson <[email protected]>
@nealjack nealjack force-pushed the hawkbit_dns_len_fix branch from d891ece to acf4bee Compare May 7, 2025 18:46
@nealjack
Copy link
Contributor Author

Are there any other changes that are required for this pull request?

@rlubos rlubos requested a review from maass-hamburg May 26, 2025 07:25
@kartben kartben merged commit f9701a1 into zephyrproject-rtos:main May 27, 2025
24 checks passed
@github-actions GitHub Actions
Copy link

Hi @nealjack!
Congratulations on getting your very first Zephyr pull request merged 🎉🥳. This is a fantastic achievement, and we're thrilled to have you as part of our community!

To celebrate this milestone and showcase your contribution, we'd love to award you the Zephyr Technical Contributor badge. If you're interested, please claim your badge by filling out this form: Claim Your Zephyr Badge.

Thank you for your valuable input, and we look forward to seeing more of your contributions in the future! 🪁

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rlubos rlubos rlubos approved these changes

@maass-hamburg maass-hamburg maass-hamburg approved these changes

Assignees

@maass-hamburg maass-hamburg

Labels
area: hawkBit
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nealjack @rlubos @maass-hamburg @kartben