network-interface icon indicating copy to clipboard operation
network-interface copied to clipboard
verified publisher icon EstebanBorai

non-idiomatic use of IfAddrIterator leads to a use after free.

Open quitbug opened this issue 10 months ago • 0 comments

Hi, I have encountered a potential issue in the IfAddrIterator implementation that may lead to a use after free in safe Rust.

https://github.com/LeoBorai/network-interface/blob/ac7193e3287b4ad7e3c840dde1142c3b680d04a5/src/target/getifaddrs.rs#L4-L27

The following test code can trigger a uaf error because the iterator returns something that resides within the iterator itself. So if the iterator and its contents are destroyed before using the elements it returned, a use-after-free occurs.

fn test() {
    let mut iter = getifaddrs().unwrap();
    let mut opt = None;
    for netifa in iter {
        let sockaddr = netifa.ifa_netmask;
        if !sockaddr.is_null() {
            opt = Some(netifa);
            break;
        }
    }
    let res = make_ipv4_netmask(&opt.unwrap());
    println!("{:?}", res);
}

quitbug avatar Apr 13 '25 06:04 quitbug