Opened 23 months ago
Closed 21 months ago
#1217 closed task (fixed)
security issues in rencode
| Reported by: | Antoine Martin | Owned by: | Smo |
|---|---|---|---|
| Priority: | critical | Milestone: | 1.0 |
| Component: | core | Version: | trunk |
| Keywords: | | Cc: | |
Description
Just reported two security issues in rencode:
For our use case, I believe this can just cause a server crash; I don't think we leak parsed data from packets back to the user, but maybe disconnection messages? (Those would need to be trimmed.)
Change History (5)
comment:1 Changed 23 months ago by
Status: | new → assigned |
---|
comment:3 Changed 22 months ago by
Owner: | changed from Antoine Martin to Smo |
---|---|
Status: | assigned → new |
This is all fixed in version 1.0.5, bumped for osx and rpm in r13028. (r13029 for centos6 because of this bug: https://github.com/aresch/rencode/issues/10)
@smo: time to update.
comment:4 Changed 21 months ago by
The first bug is now fixed and version 1.0.5 will include it; the second one was already fixed in rencode 1.0.4 (my bad).
Until 1.0.5 is officially released (new blocker: https://github.com/aresch/rencode/issues/9), here's a download link: https://github.com/aresch/rencode/archive/a5ab0fb6c3603d1e9c53e2cfc262b2288d2912d8.zip.