test: turn sspi-ffi-attacker into tests runnable with miri #275
Conversation
* slice creation based on the null pointer; * stacked borrows violition.
| @@ -22,8 +22,10 @@ pub struct SecPkgInfoW { | |||
|
|
|||
| pub type PSecPkgInfoW = *mut SecPkgInfoW; | |||
|
|
|||
| pub struct RawSecPkgInfoW(pub *mut SecPkgInfoW); | |||
There was a problem hiding this comment.
It was fun to investigate and fix. In short, conversions chain like this one *mut SecPkgInfoW -> &mut SecPkgInfoW -> *mut SecPkgInfoW can create UB 😮
When we create &mut SecPkgInfoW, Rust creates a SharedReadWrite tag (it relates to stacked borrows and so on). And when we convert it to the raw pointer and try to deallocate, we have UB.
This is why I removed the conversion into &mut SecPkgInfoW and refactored it to use only raw pointers
TheBestTvarynka
changed the title
sspi-ffi-attachersspi-ffi-attacker
| @@ -22,8 +22,10 @@ pub struct SecPkgInfoW { | |||
|
|
|||
| pub type PSecPkgInfoW = *mut SecPkgInfoW; | |||
|
|
|||
| pub struct RawSecPkgInfoW(pub *mut SecPkgInfoW); | |||
There was a problem hiding this comment.
question/nitpick: Should we use the PSecPkgInfoW type alias? Remove it?
There was a problem hiding this comment.
We are not allowed to implement the From trait for any raw pointers, because all raw pointers are foreign types
There was a problem hiding this comment.
Sorry, I meant this:
| pub struct RawSecPkgInfoW(pub *mut SecPkgInfoW); | |
| pub struct RawSecPkgInfoW(pub PSecPkgInfoW); |
I am under the impression that we don’t really use this alias.
|
Merging now, the remaining comment is not very important |
CBenoit
changed the title
sspi-ffi-attacker
Hi,
In the scope of this PR, I've refactored the
sspi-fii-attacker:sspi-ffi-attacker.ffi/sspi/sec_handle/tests.Now we can run those scenarios with Miri which will help us catch UBs and other memory errors.
Additional context: #261 (comment)