From: Alviro Iskandar Setiawan
Date: Thu, 11 Sep 2025 17:11:11 +0700
Subject: Re: [PATCH gwproxy v10 2/2] gwproxy: refactor code base to add experimental raw DNS backend
To: Ahmad Gani
Cc: Ammar Faizi, GNU/Weeb Mailing List
In-Reply-To: <20250910104326.580778-3-reyuki@gnuweeb.org>
References: <20250910104326.580778-1-reyuki@gnuweeb.org> <20250910104326.580778-3-reyuki@gnuweeb.org>

On Wed, Sep 10, 2025 at 5:44 PM Ahmad Gani wrote:
> + cfg = &w->ctx->cfg;
> + resolv = &w->dns_resolver;
> + p1 = realloc(resolv->stack.arr, cfg->sess_map_cap * sizeof(*resolv->stack.arr));
> + if (!p1)
> + return;
> + resolv->stack.arr = p1;
> +
> + p2 = realloc(resolv->sess_map, cfg->sess_map_cap * sizeof(*resolv->sess_map));
> + if (!p2)
> + return;
> + resolv->sess_map = p2;

This shrink operation looks very *dangerous* to me. Think: what happens if "p2 = realloc()" fails? You update "->stack.arr = p1;", but given "->stack.top >= ->sess_map_cap", ->stack.top is now pointing to an index beyond the array capacity because you have just successfully shrunk the array capacity down to ->sess_map_cap. Next time a client with a SOCKS5 hostname comes in, you call pop_txid(), and you will explode on ->stack.arr[--resolv->stack.top] ** OVERFLOW ** because ->stack.top is not updated. That kind of pattern is only safe for array expansion, definitely not for this shrink op. You're allowed to over-allocate the size, but not under-allocate.
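Review bot: the two realloc() calls commit the shrink one buffer at a time, so the failure path leaves the resolver inconsistent: when `p2 = realloc(...)` fails after `resolv->stack.arr = p1;` has already been stored, stack.arr is cfg->sess_map_cap elements long while resolv->stack.top and resolv->sess_map_cap still describe the old, larger capacity, and the next pop_txid() reads stack.arr[--stack.top] past the new allocation. Suggest resizing into two temporaries and assigning both pointers only after both calls succeed, and rejecting a shrink target smaller than the number of entries currently on the stack before touching either buffer. The bare `return;` on either failure also reports nothing to the caller, so a half-applied reconfiguration is indistinguishable from a successful one.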
> + memset(p2, 0, cfg->sess_map_cap * sizeof(*resolv->sess_map));
> +
> + i = cfg->sess_map_cap;
> + resolv->stack.top = i--;
> + for (; i <= 0; i--)
> + p1[i] = i;
> +
> + resolv->sess_map_cap = cfg->sess_map_cap;

Meanwhile, ->stack.top *is* only updated when p2 is successfully shrunk; what if *only p1 succeeds*?

My hunch is that you may still need some basic training on C programming. Today, I am still not confident with your overall series. This feature is still far away from an acceptable state. For now, big NAK from me on this series.

Anyway, this patch is doing too many things. It's not something you should do in a single commit. Please split it into smaller, more manageable pieces.

tq

-- 
Software Engineer & ITPM Officer
Alviro Iskandar Setiawan
+1 908 777 0074
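Review bot: the index-refill loop never executes: after `resolv->stack.top = i--;` the value of i is cfg->sess_map_cap - 1, and the condition `i <= 0` is false for any capacity above 1, so p1[] keeps whatever realloc() left in it while stack.top claims a full set of txids is available. The condition should be `i >= 0` (only if i is a signed type; an unsigned i would make that loop infinite), or the loop written forward as `for (i = 0; i < cfg->sess_map_cap; i++) p1[i] = i;`. Independently, the memset() zeroes the whole sess_map and the refill resets stack.top to the full capacity, which discards any txid still held by an in-flight lookup; the resize path needs to either drain outstanding sessions first or carry the live entries over.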