Merge pull request #2757 from patricklodder/1.14.6-uninit-scopeid

net: Ensure every CNetAddr constructor initializes the scopeId field
2026-03-03 09:36:02 +00:00 · 2021-12-19 11:50:47 +00:00 · 2021-12-19 11:50:47 +00:00 · 190d48e487
commit 190d48e487
parent e4e3371b6f b31dbd9dba
3 changed files with 40 additions and 3 deletions
--- a/src/netaddress.cpp
+++ b/src/netaddress.cpp
@ -18,7 +18,6 @@ static const unsigned char pchOnionCat[] = {0xFD,0x87,0xD8,0x7E,0xEB,0x43};
 void CNetAddr::Init()
 {
    memset(ip, 0, sizeof(ip));
-    scopeId = 0;
 }

 void CNetAddr::SetIP(const CNetAddr& ipIn)
--- a/src/netaddress.h
+++ b/src/netaddress.h
@ -31,7 +31,7 @@ class CNetAddr
 {
    protected:
        unsigned char ip[16]; // in network byte order
-        uint32_t scopeId; // for scoped/link-local ipv6 addresses
+        uint32_t scopeId{0}; // for scoped/link-local ipv6 addresses

    public:
        CNetAddr();
--- a/src/test/net_tests.cpp
+++ b/src/test/net_tests.cpp
@ -156,7 +156,7 @@ BOOST_AUTO_TEST_CASE(cnode_simple_test)

    in_addr ipv4Addr;
    ipv4Addr.s_addr = 0xa0b0c001;
-    
+
    CAddress addr = CAddress(CService(ipv4Addr, 7777), NODE_NETWORK);
    std::string pszDest = "";
    bool fInboundIn = false;
@ -172,4 +172,42 @@ BOOST_AUTO_TEST_CASE(cnode_simple_test)
    BOOST_CHECK(pnode2->fFeeler == false);
 }

+// prior to PR #14728, this test triggers an undefined behavior
+BOOST_AUTO_TEST_CASE(ipv4_peer_with_ipv6_addrMe_test)
+{
+    // set up local addresses; all that's necessary to reproduce the bug is
+    // that a normal IPv4 address is among the entries, but if this address is
+    // !IsRoutable the undefined behavior is easier to trigger deterministically
+    {
+        LOCK(cs_mapLocalHost);
+        in_addr ipv4AddrLocal;
+        ipv4AddrLocal.s_addr = 0x0100007f;
+        CNetAddr addr = CNetAddr(ipv4AddrLocal);
+        LocalServiceInfo lsi;
+        lsi.nScore = 23;
+        lsi.nPort = 42;
+        mapLocalHost[addr] = lsi;
+    }
+
+    // create a peer with an IPv4 address
+    in_addr ipv4AddrPeer;
+    ipv4AddrPeer.s_addr = 0xa0b0c001;
+    CAddress addr = CAddress(CService(ipv4AddrPeer, 7777), NODE_NETWORK);
+    std::unique_ptr<CNode> pnode(new CNode(0, NODE_NETWORK, 0, INVALID_SOCKET, addr, 0, 0, std::string{}, false));
+    pnode->fSuccessfullyConnected.store(true);
+
+    // the peer claims to be reaching us via IPv6
+    in6_addr ipv6AddrLocal;
+    memset(ipv6AddrLocal.s6_addr, 0, 16);
+    ipv6AddrLocal.s6_addr[0] = 0xcc;
+    CAddress addrLocal = CAddress(CService(ipv6AddrLocal, 7777), NODE_NETWORK);
+    pnode->SetAddrLocal(addrLocal);
+
+    // before patch, this causes undefined behavior detectable with clang's -fsanitize=memory
+    AdvertiseLocal(&*pnode);
+
+    // suppress no-checks-run warning; if this test fails, it's by triggering a sanitizer
+    BOOST_CHECK(1);
+}
+
 BOOST_AUTO_TEST_SUITE_END()