Leak in Darwin protocol for publicKey #32301

woody-apple · 2024-02-24T00:59:58Z

The protocol we're asking folks to implement basically guarantees a key leak, this should be an explicit copy.

github-actions · 2024-02-24T04:29:18Z

PR #32301: Size comparison from 22bb737 to 89da639

Full report (41 builds for bl602, bl702, bl702l, cc13x4_26x4, esp32, k32w, mbed, qpg, telink)

platform	target	config	section	`22bb737`	`89da639`
bl602	lighting-app	bl602	(read/write)	1433758	1433758
			.bss	85328	85328
			.data	9496	9496
			.rodata	157528	157528
			.text	`1100754`	`1100754`
		bl602+mfd	(read/write)	1448158	1448158
			.bss	85488	85488
			.data	9472	9472
			.rodata	156488	156488
			.text	1116068	1116068
		bl602+rpc	(read/write)	1481406	1481406
			.bss	93360	93360
			.data	9880	9880
			.rodata	165104	165104
			.text	1132400	1132400
bl702	lighting-app	bl702	(read only)	3478	3478
			(read/write)	1198763	1198763
			.bss	11117	11117
			.data	3680	3680
			.rodata	106872	106872
			.text	970228	970228
		bl702+mfd	(read only)	3478	3478
			(read/write)	1209563	1209563
			.bss	11293	11293
			.data	3656	3656
			.rodata	105812	105812
			.text	981982	981982
		bl702+rpc	(read only)	3478	3478
			(read/write)	1290491	1290491
			.bss	19581	19581
			.data	4224	4224
			.rodata	122244	122244
			.text	1045180	1045180
		bl706-eth	(read/write)	1016365	1016365
			.bss	23692	23692
			.data	3256	3256
			.rodata	100216	100216
			.text	761230	761230
		bl706-wifi	(read/write)	`1250294`	`1250294`
			.bss	10561	10561
			.data	3696	3696
			.rodata	121216	121216
			.text	992416	992416
bl702l	lighting-app	bl702l	(read only)	512	512
			(read/write)	`1168112`	`1168112`
			.bss	16312	16312
			.data	5040	5040
			.rodata	100876	100876
			.text	963098	963098
		bl702l+mfd	(read only)	512	512
			(read/write)	1179516	1179516
			.bss	16488	16488
			.data	5024	5024
			.rodata	99816	99816
			.text	975420	975420
cc13x4_26x4	lighting-app	LP_EM_CC1354P10_6	(read only)	772620	772620
			(read/write)	168600	168600
			.bss	90604	90604
			.data	3560	3560
			.rodata	81644	81644
			.text	690712	690712
	lock-ftd	LP_EM_CC1354P10_6	(read only)	789252	789252
			(read/write)	178848	178848
			.bss	100852	100852
			.data	3560	3560
			.rodata	75940	75940
			.text	713048	713048
	lock-mtd	LP_EM_CC1354P10_6	(read only)	777892	777892
			(read/write)	173288	173288
			.bss	95292	95292
			.data	3560	3560
			.rodata	102692	102692
			.text	674936	674936
	pump-app	LP_EM_CC1354P10_6	(read only)	730076	730076
			(read/write)	167568	167568
			.bss	89336	89336
			.data	3552	3552
			.rodata	77364	77364
			.text	652448	652448
	pump-controller-app	LP_EM_CC1354P10_6	(read only)	715700	715700
			(read/write)	167776	167776
			.bss	89560	89560
			.data	3544	3544
			.rodata	73204	73204
			.text	642232	642232
esp32	all-clusters-app	c3devkit	(read only)	1210254	1210254
			(read/write)	1748656	1748656
			.dram0.bss	74296	74296
			.dram0.data	13620	13620
			.flash.rodata	251200	251200
			.flash.text	1210254	1210254
			.iram0.text	75530	75530
		m5stack	(read only)	1252363	1252363
			(read/write)	534148	534148
			.dram0.bss	81208	81208
			.dram0.data	35164	35164
			.flash.rodata	281856	281856
			.flash.text	1246199	1246199
			.iram0.text	125403	125403
k32w	contact	k32w0+release	(read only)	604912	604912
			(read/write)	79608	79608
			.bss	67428	67428
			.data	2196	2196
			.text	604376	604376
		k32w1+release	(read only)	1024	1024
			(read/write)	747436	747436
			.bss	79188	79188
			.data	2816	2816
			.text	626064	626064
	light	k32w0+release	(read only)	608840	608840
			(read/write)	79492	79492
			.bss	67308	67308
			.data	2200	2200
			.text	608304	608304
		k32w1+release	(read only)	1024	1024
			(read/write)	789208	789208
			.bss	80580	80580
			.data	2032	2032
			.text	667240	667240
	lock	k32w0+release	(read only)	588816	588816
			(read/write)	77480	77480
			.bss	65348	65348
			.data	2148	2148
			.text	588280	588280
mbed	lock-app-release	cy8cproto_062_4343w	(read only)	6224	6224
			(read/write)	2531528	2531528
			.bss	220448	220448
			.data	5200	5200
			.text	1494212	1494212
qpg	lighting-app	qpg6105+debug	(read/write)	1127704	1127704
			.bss	102456	102456
			.data	820	820
			.text	640088	640088
	lock-app	qpg6105+debug	(read/write)	`1087664`	`1087664`
			.bss	97200	97200
			.data	840	840
			.text	600044	600044
telink	air-quality-sensor-app	tlsr9528a_retention	(read only)	51774	51774
			(read/write)	821962	821962
			bss	49660	49660
			text	615766	615766
	all-clusters-app	tlsr9518adk80d	(read only)	29042	29042
			(read/write)	1090780	1090780
			bss	101780	101780
			text	792878	792878
	all-clusters-minimal-app	tlsr9528a	(read only)	47960	47960
			(read/write)	1048268	1048268
			bss	110084	110084
			text	764222	764222
	bridge-app	tlsr9518adk80d	(read only)	29042	29042
			(read/write)	909020	909020
			bss	93116	93116
			text	651688	651688
	contact-sensor-app	tlsr9528a_retention	(read only)	51774	51774
			(read/write)	823642	823642
			bss	49708	49708
			text	617504	617504
	light-switch-app-ota-shell-factory-data	tlsr9528a	(read only)	51584	51584
			(read/write)	929384	929384
			bss	77708	77708
			text	697680	697680
	lighting-app-ota-rpc-factory-data-4mb	tlsr9518adk80d	(read only)	29122	29122
			(read/write)	1071652	1071652
			bss	100196	100196
			text	776562	776562
	lock-app-dfu	tlsr9528a	(read only)	51584	51584
			(read/write)	901720	901720
			bss	69172	69172
			text	652884	652884
	ota-requestor-app	tlsr9518adk80d	(read only)	29042	29042
			(read/write)	927508	927508
			bss	92696	92696
			text	670210	670210
	pump-app	tlsr9258a_retention	(read only)	51774	51774
			(read/write)	826194	826194
			bss	49816	49816
			text	620460	620460
	pump-controller-app	tlsr9518adk80d	(read only)	31872	31872
			(read/write)	789908	789908
			bss	56016	56016
			text	591210	591210
	shell	tlsr9518adk80d	(read only)	29042	29042
			(read/write)	676816	676816
			bss	73672	73672
			text	462298	462298
	smoke_co_alarm-app	tlsr9528a_retention	(read only)	51774	51774
			(read/write)	830678	830678
			bss	51340	51340
			text	623574	623574
	temperature-measurement-app-mars-ota	tlsr9518adk80d	(read only)	32220	32220
			(read/write)	849221	849221
			bss	59492	59492
			text	635268	635268
	thermostat	tlsr9518adk80d	(read only)	31872	31872
			(read/write)	815576	815576
			bss	56304	56304
			text	610918	610918
	window-covering	tlsr9258a	(read only)	51584	51584
			(read/write)	833680	833680
			bss	68080	68080
			text	626174	626174

bzbarsky-apple

Is the issue a memory leak, or a leak of the key material? The PR description does not say clearly.....

bzbarsky-apple · 2024-03-01T03:56:33Z

src/darwin/Framework/CHIP/MTRCertificates.mm

+        publicKey = [keypair copyPublicKey];
+    } else {
+        publicKey = [keypair publicKey];
+        if (publicKey)


Curlies around body, please.

bzbarsky-apple · 2024-03-01T03:57:25Z

src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm

-        CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(params.nocSigner.publicKey, &pubKey);
+        SecKeyRef publicKey = NULL;
+
+        if ([params.nocSigner respondsToSelector:@selector(copyPublicKey)]) {


We should have a utility function for this, or better yet a utility RAII helper, instead of copy/pasting this code around.

src/darwin/Framework/CHIP/MTRKeypair.h

github-actions · 2024-07-17T05:32:46Z

PR #32301: Size comparison from 0840ca6 to 557535b

Full report (32 builds for efr32, linux, mbed, nrfconnect, nxp, telink, tizen)

platform	target	config	section	`0840ca6`	`557535b`	change	% change
efr32	lighting-app	BRD4187C	FLASH	924668	924660	-8	-0.0
			RAM	137528	137528	0	0.0
	lock-app	BRD4338a	FLASH	733916	733908	-8	-0.0
			RAM	207892	207892	0	0.0
	window-app	BRD4187C	FLASH	1012700	1012692	-8	-0.0
			RAM	129632	129632	0	0.0
linux	chip-tool-ipv6only	arm64	unknown	20128	20128	0	0.0
			FLASH	10908108	10908108	0	0.0
			RAM	596616	596616	0	0.0
	thermostat-no-ble	arm64	unknown	9184	9184	0	0.0
			FLASH	`4169772`	`4169772`	0	0.0
			RAM	235840	235840	0	0.0
mbed	lock-app-release	cy8cproto_062_4343w	FLASH	`1502972`	`1502972`	0	0.0
			RAM	226648	226648	0	0.0
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	FLASH	882696	882696	0	0.0
			RAM	142229	142229	0	0.0
		nrf7002dk_nrf5340_cpuapp	FLASH	953128	953128	0	0.0
			RAM	140657	140657	0	0.0
	all-clusters-minimal-app	nrf52840dk_nrf52840	FLASH	828172	828172	0	0.0
			RAM	141123	141123	0	0.0
nxp	contact	k32w0+release	FLASH	576164	576164	0	0.0
			RAM	70024	70024	0	0.0
		k32w1+release	FLASH	591568	591568	0	0.0
			RAM	74056	74056	0	0.0
	light	k32w0+release	FLASH	610408	610408	0	0.0
			RAM	69500	69500	0	0.0
		k32w1+release	FLASH	675192	675192	0	0.0
			RAM	82816	82816	0	0.0
telink	air-quality-sensor-app	tlsr9528a_retention	FLASH	632984	632984	0	0.0
			RAM	50528	50528	0	0.0
	all-clusters-app	tlsr9118bdk40d	FLASH	658842	658842	0	0.0
			RAM	148408	148408	0	0.0
	all-clusters-minimal-app	tlsr9528a	FLASH	779144	779144	0	0.0
			RAM	113212	113212	0	0.0
	bridge-app	tlsr9258a	FLASH	675976	675976	0	0.0
			RAM	95304	95304	0	0.0
	contact-sensor-app	tlsr9528a_retention	FLASH	634568	634568	0	0.0
			RAM	50572	50572	0	0.0
	light-switch-app-ota-shell-factory-data	tlsr9528a	FLASH	720428	720428	0	0.0
			RAM	77148	77148	0	0.0
	lighting-app-ota-factory-data	tlsr9118bdk40d	FLASH	613948	613948	0	0.0
			RAM	144636	144636	0	0.0
	lighting-app-ota-rpc-factory-data-4mb	tlsr9518adk80d	FLASH	801730	801730	0	0.0
			RAM	103040	103040	0	0.0
	lock-app-dfu	tlsr9528a	FLASH	666384	666384	0	0.0
			RAM	69852	69852	0	0.0
	ota-requestor-app	tlsr9258a	FLASH	695308	695308	0	0.0
			RAM	95028	95028	0	0.0
	pump-app	tlsr9518adk80d	FLASH	616842	616842	0	0.0
			RAM	56952	56952	0	0.0
	pump-controller-app	tlsr9518adk80d	FLASH	607226	607226	0	0.0
			RAM	56752	56752	0	0.0
	shell	tlsr9518adk80d	FLASH	466356	466356	0	0.0
			RAM	72484	72484	0	0.0
	smoke_co_alarm-app	tlsr9528a_retention	FLASH	641186	641186	0	0.0
			RAM	52200	52200	0	0.0
	temperature-measurement-app-mars-ota	tlsr9518adk80d	FLASH	651052	651052	0	0.0
			RAM	60388	60388	0	0.0
	thermostat	tlsr9518adk80d	FLASH	626116	626116	0	0.0
			RAM	57084	57084	0	0.0
	window-covering	tlsr9118bdk40d	FLASH	519342	519342	0	0.0
			RAM	97800	97800	0	0.0
tizen	all-clusters-app	arm	unknown	1584	1584	0	0.0
			FLASH	`1639396`	`1639396`	0	0.0
			RAM	48548	48548	0	0.0
	chip-tool-ubsan	arm	unknown	2384	2384	0	0.0
			FLASH	16293278	16293278	0	0.0
			RAM	`7156300`	`7156300`	0	0.0

andy31415 · 2024-10-11T14:20:48Z

This PR has not been updated in a long time. Assuming stale and closing.

* Restyled by whitespace * Restyled by clang-format --------- Co-authored-by: Restyled.io <commits@restyled.io>

github-actions · 2024-10-30T16:05:09Z

PR #32301: Size comparison from 7df7676 to 17336cd

Full report (68 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)

platform	target	config	section	`7df7676`	`17336cd`
bl602	lighting-app	bl602+mfd+littlefs+rpc	FLASH	1349306	1349306
			RAM	104120	104120
bl702	lighting-app	bl702+eth	FLASH	647028	647028
			RAM	25233	25233
		bl702+wifi	FLASH	824592	824592
			RAM	13965	13965
		bl706+mfd+rpc+littlefs	FLASH	1053582	1053582
			RAM	23821	23821
bl702l	lighting-app	bl702l+mfd+littlefs	FLASH	974366	974366
			RAM	16468	16468
cc13x4_26x4	lighting-app	LP_EM_CC1354P10_6	FLASH	836124	836124
			RAM	123676	123676
	lock-ftd	LP_EM_CC1354P10_6	FLASH	821768	821768
			RAM	125556	125556
	pump-app	LP_EM_CC1354P10_6	FLASH	768476	768476
			RAM	114048	114048
	pump-controller-app	LP_EM_CC1354P10_6	FLASH	752720	752720
			RAM	114240	114240
cc32xx	air-purifier	CC3235SF_LAUNCHXL	FLASH	625798	625798
			RAM	206132	206132
	lock	CC3235SF_LAUNCHXL	FLASH	665774	665774
			RAM	206284	206284
cyw30739	light	CYW30739B2-P5-EVK-01	unknown	2040	2040
			FLASH	678085	678085
			RAM	78692	78692
		CYW30739B2-P5-EVK-02	unknown	2040	2040
			FLASH	697937	697937
			RAM	81324	81324
		CYW30739B2-P5-EVK-03	unknown	2040	2040
			FLASH	697937	697937
			RAM	81324	81324
		CYW930739M2EVB-02	unknown	2040	2040
			FLASH	654873	654873
			RAM	73760	73760
	light-switch	CYW30739B2-P5-EVK-01	unknown	2040	2040
			FLASH	614637	614637
			RAM	71644	71644
		CYW30739B2-P5-EVK-02	unknown	2040	2040
			FLASH	634273	634273
			RAM	74196	74196
		CYW30739B2-P5-EVK-03	unknown	2040	2040
			FLASH	634273	634273
			RAM	74196	74196
	lock	CYW30739B2-P5-EVK-01	unknown	2040	2040
			FLASH	634149	634149
			RAM	74692	74692
		CYW30739B2-P5-EVK-02	unknown	2040	2040
			FLASH	653857	653857
			RAM	77244	77244
		CYW30739B2-P5-EVK-03	unknown	2040	2040
			FLASH	653857	653857
			RAM	77244	77244
	thermostat	CYW30739B2-P5-EVK-01	unknown	2040	2040
			FLASH	609429	609429
			RAM	68780	68780
		CYW30739B2-P5-EVK-02	unknown	2040	2040
			FLASH	629281	629281
			RAM	71412	71412
		CYW30739B2-P5-EVK-03	unknown	2040	2040
			FLASH	629281	629281
			RAM	71412	71412
efr32	lock-app	BRD4187C	FLASH	926068	926068
			RAM	159920	159920
		BRD4338a	FLASH	740568	740568
			RAM	232580	232580
	window-app	BRD4187C	FLASH	1017272	1017272
			RAM	128264	128264
esp32	all-clusters-app	c3devkit	DRAM	95256	95256
			FLASH	1537464	1537464
			IRAM	82538	82538
		m5stack	DRAM	116192	116192
			FLASH	1548126	1548126
			IRAM	117039	117039
linux	air-purifier-app	debug	unknown	4688	4688
			FLASH	2731595	2731595
			RAM	129616	129616
	all-clusters-app	debug	unknown	5528	5528
			FLASH	6021350	6021350
			RAM	523872	523872
	all-clusters-minimal-app	debug	unknown	5424	5424
			FLASH	5358592	5358592
			RAM	242448	242448
	bridge-app	debug	unknown	5408	5408
			FLASH	4700450	4700450
			RAM	218400	218400
	chip-tool	debug	unknown	5960	5960
			FLASH	12901220	12901220
			RAM	584466	584466
	chip-tool-ipv6only	arm64	unknown	21416	21416
			FLASH	11029376	11029376
			RAM	635400	635400
	fabric-admin	debug	unknown	5792	5792
			FLASH	11308753	11308753
			RAM	584922	584922
	fabric-bridge-app	debug	unknown	4632	4632
			FLASH	4527502	4527502
			RAM	205368	205368
	fabric-sync	debug	unknown	4840	4840
			FLASH	`5239621`	`5239621`
			RAM	465432	465432
	lighting-app	debug+rpc+ui	unknown	6056	6056
			FLASH	`5638961`	`5638961`
			RAM	228520	228520
	lock-app	debug	unknown	5344	5344
			FLASH	4748870	4748870
			RAM	204520	204520
	ota-provider-app	debug	unknown	4720	4720
			FLASH	`4375630`	`4375630`
			RAM	198240	198240
	ota-requestor-app	debug	unknown	4656	4656
			FLASH	4513870	4513870
			RAM	202808	202808
	shell	debug	unknown	4216	4216
			FLASH	3048605	3048605
			RAM	160336	160336
	thermostat-no-ble	arm64	unknown	9456	9456
			FLASH	4117192	4117192
			RAM	242936	242936
	tv-app	debug	unknown	5624	5624
			FLASH	5971893	5971893
			RAM	596304	596304
	tv-casting-app	debug	unknown	5208	5208
			FLASH	11108589	11108589
			RAM	694552	694552
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	FLASH	913336	913336
			RAM	143357	143357
		nrf7002dk_nrf5340_cpuapp	FLASH	884780	884780
			RAM	141496	141496
	all-clusters-minimal-app	nrf52840dk_nrf52840	FLASH	847396	847396
			RAM	142265	142265
nxp	contact	k32w0+release	FLASH	582296	582296
			RAM	71092	71092
		mcxw71+release	FLASH	596784	596784
			RAM	63184	63184
	light	k32w0+release	FLASH	618852	618852
			RAM	70556	70556
		k32w1+release	FLASH	682936	682936
			RAM	48816	48816
	lock	mcxw71+release	FLASH	746560	746560
			RAM	67340	67340
psoc6	all-clusters	cy8ckit_062s2_43012	FLASH	1641508	1641508
			RAM	212408	212408
	all-clusters-minimal	cy8ckit_062s2_43012	FLASH	1549052	1549052
			RAM	209208	209208
	light	cy8ckit_062s2_43012	FLASH	1465636	1465636
			RAM	201200	201200
	lock	cy8ckit_062s2_43012	FLASH	1463300	1463300
			RAM	225560	225560
qpg	lighting-app	qpg6105+debug	FLASH	660304	660304
			RAM	105420	105420
	lock-app	qpg6105+debug	FLASH	618380	618380
			RAM	99880	99880
stm32	light	STM32WB5MM-DK	FLASH	481392	481392
			RAM	144844	144844
telink	bridge-app	tlsr9258a	FLASH	680800	680800
			RAM	91304	91304
	contact-sensor-app	tlsr9528a_retention	FLASH	620426	620426
			RAM	50600	50600
	light-switch-app-ota-shell-factory-data	tlsr9528a	FLASH	708260	708260
			RAM	73940	73940
	lighting-app-ota-factory-data	tlsr9118bdk40d	FLASH	625062	625062
			RAM	144468	144468
	lighting-app-ota-rpc-factory-data-4mb	tlsr9518adk80d	FLASH	811072	811072
			RAM	99100	99100
tizen	all-clusters-app	arm	unknown	4912	4912
			FLASH	1712792	1712792
			RAM	90140	90140
	chip-tool-ubsan	arm	unknown	10792	10792
			FLASH	`1794227`	`1794227`
			RAM	7811564	7811564

github-actions bot added the darwin label Feb 24, 2024

restyled-io bot mentioned this pull request Feb 24, 2024

Restyle Leak in Darwin protocol for publicKey #32302

Closed

woody-apple force-pushed the key-leak branch from e7eaa14 to 96e78ba Compare February 24, 2024 01:02

restyled-io bot mentioned this pull request Feb 24, 2024

Restyle Leak in Darwin protocol for publicKey #32303

Merged

github-actions bot added the examples label Feb 24, 2024

restyled-io bot mentioned this pull request Feb 24, 2024

Restyle Leak in Darwin protocol for publicKey #32304

Closed

bzbarsky-apple reviewed Mar 1, 2024

View reviewed changes

woody-apple force-pushed the key-leak branch from 89da639 to 557535b Compare July 17, 2024 05:11

pullapprove bot requested review from axelnxp, bauerschwan, chapongatien, doru91, fessehaeve, kiel-apple and ReneJosefsen July 17, 2024 05:11

andy31415 closed this Oct 11, 2024

woody-apple reopened this Oct 30, 2024

woody-apple requested a review from a team as a code owner October 30, 2024 15:44

woody-apple and others added 11 commits October 30, 2024 08:44

Initial commit

4ff04b2

Updating darwin-framework-tool

f7e7440

Restyle Leak in Darwin protocol for publicKey (#32303)

044abb6

* Restyled by whitespace * Restyled by clang-format --------- Co-authored-by: Restyled.io <commits@restyled.io>

Testing this

3116b4d

Updating

feae01d

Fixing these

a81fe41

Fixing these

57f190e

Fixing these

94399ab

Fixing these

60f026c

Fixing these

2585a95

Fixing these

17336cd

woody-apple force-pushed the key-leak branch from 557535b to 17336cd Compare October 30, 2024 15:44

woody-apple closed this Oct 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Leak in Darwin protocol for publicKey #32301

Leak in Darwin protocol for publicKey #32301

woody-apple commented Feb 24, 2024

github-actions bot commented Feb 24, 2024 •

edited

Loading

bzbarsky-apple left a comment

bzbarsky-apple Mar 1, 2024

bzbarsky-apple Mar 1, 2024

github-actions bot commented Jul 17, 2024 •

edited

Loading

andy31415 commented Oct 11, 2024

github-actions bot commented Oct 30, 2024 •

edited

Loading

Leak in Darwin protocol for publicKey #32301

Leak in Darwin protocol for publicKey #32301

Conversation

woody-apple commented Feb 24, 2024

github-actions bot commented Feb 24, 2024 • edited Loading

bzbarsky-apple left a comment

Choose a reason for hiding this comment

bzbarsky-apple Mar 1, 2024

Choose a reason for hiding this comment

bzbarsky-apple Mar 1, 2024

Choose a reason for hiding this comment

github-actions bot commented Jul 17, 2024 • edited Loading

andy31415 commented Oct 11, 2024

github-actions bot commented Oct 30, 2024 • edited Loading

github-actions bot commented Feb 24, 2024 •

edited

Loading

github-actions bot commented Jul 17, 2024 •

edited

Loading

github-actions bot commented Oct 30, 2024 •

edited

Loading