[21435] Solve SecurityManager memory issue

[juanlofer-eprosima]

Description

A memory issue is reported by ASAN when running tests using security such as BlackboxTests_DDS_PIM.Security.BuiltinAuthenticationPlugin_second_participant_creation_loop.

The issue is that the events thread might call SecurityManager::resend_handshake_message_token, which internally calls WriterHistory::remove_change_and_reuse, the latter not being (atomically) thread safe. If at the same time a handshake is processed (SecurityManager::on_process_handshake) from another thread, this may resolve in a change being added to the aforementioned writer history. As a result a change is added to History::m_changes vector, which would invalidate the iterator dealt with in WriterHistory::remove_change_and_reuse without protection.

Two potential solutions are proposed:

• Take the history/endpoint mutex before calling WriterHistory::remove_change_and_reuse from the security manager, as it's done when calling PDPServer::remove_change_from_history_nts
• Protect WriterHistory::remove_change_and_reuse fully, converting it in an atomic thread-safe method. Note that since the functions internally called from within this method already take the mutex, no (new) deadlocks should be introduced.

@Mergifyio backport 2.14.x 2.10.x

Contributor Checklist

• Commit messages follow the project guidelines.
• The code follows the style guidelines of this project.
• N/A Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
• N/A: Any new/modified methods have been properly documented using Doxygen.
• N/A: Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
• Changes are backport compatible: they do NOT break ABI nor change library core behavior.
• Changes are API compatible.
• N/A: New feature has been added to the versions.md file (if applicable).
• N/A: New feature has been documented/Current behavior is correctly described in the documentation.
• Applicable backports have been included in the description.

Reviewer Checklist

• The PR has a milestone assigned.
• The title and description correctly express the PR's purpose.
• Check contributor checklist is correct.
• If this is a critical bug fix, backports to the critical-only supported branches have been requested.
• Check CI results: changes do not issue any warning.
• Check CI results: failing tests are unrelated with the changes.

[Mario-DL]

The change makes sense to me.
I like more the approach of making the method thread safe, since find_change and remove_change already take the mutex as commented in the description.

However, if the first solution proposal is finally chosen, I think it would make sense to rename the method to remove_change_and_reuse_nts

[Mario-DL]

LGTM

[Mario-DL]

We would need to backport this to 2.x I think

[MiguelCompany]

@Mergifyio backport 2.14.x 2.10.x

[mergify]

backport 2.14.x 2.10.x

✅ Backports have been created

• #5120 [21435] Solve SecurityManager memory issue (backport #5115) has been created for branch 2.14.x
• #5121 [21435] Solve SecurityManager memory issue (backport #5115) has been created for branch 2.10.x