Client socket: bugfixes in next address connection mechanism
The client socket mechanism that tries the next possible address for a connection does not work when there are more than 2 addresses. This applies to OPC UA clients and to servers in the case of the reverse connection mechanism.
- The mechanism stops after trying the second possible address: other addresses are ignored
- The mechanism accesses freed memory if the connection attempt to the second possible address fails immediately. See details below.
The client socket mechanism accesses freed memory when several addresses are identified and an attempt on the next address is made but fails immediately. This is because `SOPC_SocketsEventMgr_ConnectClient` was calling `SOPC_SocketsInternalContext_CloseSocket` (instead of the raw `SOPC_Socket_Close`) even though a new attempt might still be made with the next address in the socket context.
The issue was identified with ASAN on the server test binary with reverse connection activated:
```
=================================================================
==27==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000070b8 at pc 0x00000056540c bp 0x7fabf4cfca00 sp 0x7fabf4cfc9f8
READ of size 8 at 0x6070000070b8 thread T3
#0 0x56540b in SOPC_Socket_AddrInfo_IterNext /builds/systerel/S2OPC/src/Common/helpers_platform_dep/linux/p_sockets.c:75
#1 0x4b1af4 in SOPC_SocketsEventMgr_NextConnectClientAttempt /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_event_mgr.c:91
#2 0x4b1af4 in SOPC_SocketsInternalEventMgr_Dispatcher /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_event_mgr.c:691
#3 0x47d6a4 in SOPC_SocketsNetworkEventMgr_TreatSocketsEvents /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_network_event_mgr.c:215
#4 0x47dae2 in SOPC_SocketsNetworkEventMgr_ThreadLoop /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_network_event_mgr.c:282
#5 0x7fabf9e7fea6 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8ea6)
#6 0x7fabf9435dee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfddee)
0x6070000070b8 is located 40 bytes inside of 76-byte region [0x607000007090,0x6070000070dc)
freed by thread T3 here:
#0 0x7fabfa08e4f7 in free (/usr/local/lib64/libasan.so.6+0xb14f7)
#1 0x7fabf9420da7 in freeaddrinfo (/lib/x86_64-linux-gnu/libc.so.6+0xe8da7)
previously allocated by thread T3 here:
#0 0x7fabfa08e7ef in __interceptor_malloc (/usr/local/lib64/libasan.so.6+0xb17ef)
#1 0x7fabf941eac5 (/lib/x86_64-linux-gnu/libc.so.6+0xe6ac5)
#2 0x7fabf9420224 in getaddrinfo (/lib/x86_64-linux-gnu/libc.so.6+0xe8224)
#3 0x7fabfa068a14 (/usr/local/lib64/libasan.so.6+0x8ba14)
#4 0x565308 in SOPC_Socket_AddrInfo_Get /builds/systerel/S2OPC/src/Common/helpers_platform_dep/linux/p_sockets.c:58
#5 0x4b0001 in SOPC_SocketsEventMgr_CreateClientSocket /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_event_mgr.c:138
#6 0x4b0001 in SOPC_SocketsEventMgr_Dispatcher /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_event_mgr.c:529
#7 0x47cb3b in SOPC_Sockets_DequeueAndDispatchInputEvent /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_internal_ctx.c:192
#8 0x47d414 in SOPC_SocketsNetworkEventMgr_TreatSocketsEvents /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_network_event_mgr.c:196
#9 0x47dae2 in SOPC_SocketsNetworkEventMgr_ThreadLoop /builds/systerel/S2OPC/src/ClientServer/sockets/sopc_sockets_network_event_mgr.c:282
#10 0x7fabf9e7fea6 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8ea6)
```
Edited by Vincent Monfort
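The ownership rule behind both bugs, as an added example that is not S2OPC code: a failed attempt releases only the descriptor, and the address list is freed once no address remains to try. The types, `ctx_close`, `raw_close`, `connect_client`, `run_case` and the synchronous loop are assumptions made for illustration; the real stack schedules the next attempt through its event dispatcher.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not S2OPC's real types: a resolved-address list
 * (a getaddrinfo result in real code) owned by a socket context. */
typedef struct addr_node { int id; struct addr_node *next; } addr_node;
typedef struct { addr_node *addrs, *next; int fd, attempts; } sock_ctx;

static addr_node *addr_list_new(int n) {
    addr_node *head = NULL;
    for (int i = n - 1; i >= 0; i--) {
        addr_node *a = malloc(sizeof *a);
        if (a == NULL) abort();
        a->id = i; a->next = head; head = a;
    }
    return head;
}

/* Context close (role of SOPC_SocketsInternalContext_CloseSocket): frees the list. */
static void ctx_close(sock_ctx *c) {
    while (c->addrs != NULL) { addr_node *n = c->addrs->next; free(c->addrs); c->addrs = n; }
    c->next = NULL; c->fd = -1;
}
/* Raw close (role of SOPC_Socket_Close): releases the descriptor only. */
static void raw_close(sock_ctx *c) { c->fd = -1; }

/* Walk every remaining address, not only the first two.
 * Constructed connect stub: addresses with id < first_ok fail immediately. */
static bool connect_client(sock_ctx *c, int first_ok) {
    while (c->next != NULL) {
        addr_node *a = c->next;
        c->next = a->next;        /* advance the cursor while the list is alive */
        c->attempts++;
        if (a->id >= first_ok) { c->fd = 100 + a->id; return true; }
        raw_close(c);             /* a context close here is the reported bug:
                                     it frees the list a later attempt still reads */
    }
    ctx_close(c);                 /* nothing left to try: now safe to free */
    return false;
}

/* Returns the number of attempts made; negative when no address connected. */
int run_case(int n_addrs, int first_ok) {
    sock_ctx c = { addr_list_new(n_addrs), NULL, -1, 0 };
    c.next = c.addrs;
    bool ok = connect_client(&c, first_ok);
    int result = ok ? c.attempts : -c.attempts;
    ctx_close(&c);                /* idempotent: a no-op if already freed */
    return result;
}
int main(void) { return run_case(4, 3) == 4 ? 0 : 1; }
```

Building it with `-fsanitize=address` and swapping `raw_close(c)` for `ctx_close(c)` is a quick way to confirm that a regression test would catch the premature free.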