From patchwork Mon Jan 30 13:20:09 2023
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 3023
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 30 Jan 2023 14:20:09 +0100
Message-Id: <20230130132010.3415087-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/2] Fix unaligned access in macOS/Solaris hwaddr and auth-token

The undefined behaviour USAN clang checker found these two cases. The optimiser of clang/gcc will optimise the memcpy away in the auth_token case and output exactly the same assembly on amd64/arm64 but it is still better to not rely on undefined behaviour. The hw addr fix is a mess but so are the original structures.
Signed-off-by: Arne Schwabe --- src/openvpn/auth_token.c | 10 ++++++++-- src/openvpn/route.c | 32 +++++++++++++++++++++++--------- 2 files changed, 31 insertions(+), 11 deletions(-) diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index 7b963a9c5..530b3aa4c 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -324,8 +324,14 @@ verify_auth_token(struct user_pass *up, struct tls_multi *multi, const uint8_t *tstamp_initial = sessid + AUTH_TOKEN_SESSION_ID_LEN; const uint8_t *tstamp = tstamp_initial + sizeof(int64_t); - uint64_t timestamp = ntohll(*((uint64_t *) (tstamp))); - uint64_t timestamp_initial = ntohll(*((uint64_t *) (tstamp_initial))); + /* This might not be aligned to an uint64, use memcpy to avoid + * unaligned access */ + uint64_t timestamp = 0, timestamp_initial = 0; + memcpy(×tamp, tstamp, sizeof(uint64_t)); + timestamp = ntohll(timestamp); + + memcpy(×tamp_initial, tstamp_initial, sizeof(uint64_t)); + timestamp_initial = ntohll(timestamp_initial); hmac_ctx_t *ctx = multi->opt.auth_token_key.hmac; if (check_hmac_token(ctx, b64decoded, up->username)) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 82519c94b..06bfb799c 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -3637,7 +3637,7 @@ get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) if (rgi->flags & RGI_IFACE_DEFINED) { struct ifconf ifc; - struct ifreq *ifr; + struct ifreq ifr; const int bufsize = 4096; char *buffer; 
@@ -3662,23 +3662,37 @@ get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx) for (cp = buffer; cp <= buffer + ifc.ifc_len - sizeof(struct ifreq); ) { - ifr = (struct ifreq *)cp; + /* this is not always using an 8byte alignment that struct ifr + * requires */ + memcpy(&ifr, cp, sizeof(struct ifreq)); #if defined(TARGET_SOLARIS) - const size_t len = sizeof(ifr->ifr_name) + sizeof(ifr->ifr_addr); + const size_t len = sizeof(ifr.ifr_name) + sizeof(ifr.ifr_addr); #else - const size_t len = sizeof(ifr->ifr_name) + max(sizeof(ifr->ifr_addr), ifr->ifr_addr.sa_len); + const size_t len = sizeof(ifr.ifr_name) + max(sizeof(ifr.ifr_addr), ifr.ifr_addr.sa_len); #endif - if (!ifr->ifr_addr.sa_family) + if (!ifr.ifr_addr.sa_family) { break; } - if (!strncmp(ifr->ifr_name, rgi->iface, IFNAMSIZ)) + if (!strncmp(ifr.ifr_name, rgi->iface, IFNAMSIZ)) { - if (ifr->ifr_addr.sa_family == AF_LINK) + if (ifr.ifr_addr.sa_family == AF_LINK) { - struct sockaddr_dl *sdl = (struct sockaddr_dl *)&ifr->ifr_addr; - memcpy(rgi->hwaddr, LLADDR(sdl), 6); + /* This is a broken member access. struct sockaddr_dl has + * 20 bytes while if_addr has only 16 bytes. So casting if_addr + * to struct sockaddr_dl gives (legitimate) warnings + * + * sockaddr_dl has 12 bytes space for the hw address and + * Ethernet only uses 6 bytes. So the last 4 that are + * truncated and not in if_addr can be ignored here. 
+ * + * So we use a memcpy here to avoid the warnings with ASAN + * that we are doing a very nasty cast here + */ + struct sockaddr_dl sdl = { 0 }; + memcpy(&sdl, &ifr.ifr_addr, sizeof(ifr.ifr_addr)); + memcpy(rgi->hwaddr, LLADDR(&sdl), 6); rgi->flags |= RGI_HWADDR_DEFINED; } }
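Review bot: In the verify_auth_token() hunk the offset of tstamp is still computed with sizeof(int64_t) while both new copies use sizeof(uint64_t). The sizes match, but using one type (or sizeof(timestamp)) for both the offset and the copy length would keep them in step. The two memcpy-then-ntohll sequences differ only in the source pointer, so a small static helper that reads a network-order 64-bit value from a byte pointer would remove the duplication; the "= 0" initialisers are then unnecessary, since memcpy overwrites all eight bytes.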
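Review bot: In the AF_LINK branch of get_default_gateway() the hardware address is now read from a copy truncated to sizeof(ifr.ifr_addr) (16 bytes per the comment), where the old cast read it in place from the ioctl buffer. LLADDR() points past the sdl_nlen name bytes at the start of sdl_data, and only 8 of the 12 sdl_data bytes are copied, so whenever sdl_nlen is greater than 2 the six bytes extend past the copied data and the tail of rgi->hwaddr comes from the "{ 0 }" initialiser instead of the kernel's answer. The comment's "12 bytes space for the hw address" treats sdl_data as holding only the address. Suggest copying from cp + offsetof(struct ifreq, ifr_addr) with a length of min(sa_len, sizeof(sdl)) that is also bounded by buffer + ifc.ifc_len, and checking sdl_alen == 6 before the final memcpy.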
From patchwork Mon Jan 30 13:20:10 2023
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 3022
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 30 Jan 2023 14:20:10 +0100
Message-Id: <20230130132010.3415087-2-arne@rfc2549.org>
In-Reply-To: <20230130132010.3415087-1-arne@rfc2549.org>
References: <20230130132010.3415087-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 2/2] Add undefined and abort on error to clang sanitize builds

The -fno-sanitize-recover=all flag ensures that for all errors we actually abort the tests in the automated testing and not just print some errors in red that nobody sees. Also add the undefined tests to catch more bugs
Signed-off-by: Arne Schwabe --- .github/workflows/build.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2db90bcde..320796bf3 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -251,7 +251,7 @@ jobs: - name: autoconf run: autoreconf -fvi - name: configure - run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} + run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} - name: make all run: make -j3 - name: make check @@ -266,8 +266,8 @@ jobs: os: [macos-11, macos-12] include: - build: asan - cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address + cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all # Our build system ignores LDFLAGS for plugins configureflags: --disable-plugin-auth-pam --disable-plugin-down-root - build: normal @@ -386,8 +386,8 @@ jobs: configureflags: ["--with-openssl-engine=no"] include: - build: asan - cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address + cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all cc: clang - build: normal cflags: "-O2 -g"
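Review bot: The configure step at @@ -251 now aborts on the first sanitizer finding but still builds with -O2 and without -g, unlike the two matrix entries below that use -g -O1. Adding -g here would give the one report that is printed before the abort usable file and line information.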
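Review bot: In both "build: asan" matrix entries (@@ -266 and @@ -386) -fno-sanitize-recover=all is added to ldflags as well as cflags. The option affects how the checks are compiled, so it is only needed in cflags and ldflags can stay at -fsanitize=address,undefined. The entries also keep the label asan although they now run the undefined-behaviour checks too; a rename or a short comment would make CI failures easier to attribute.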