Fixed invariant violation in MemBio::get_buf with empty results #2266

@alex alex commented Jul 21, 2024

Pointer arguments to `slice::from_raw_parts` are required to be non-null. (See https://davidben.net/2024/01/15/empty-slices.html for details.)
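
The invariant in code, as an added example that is not part of this pull request or of rust-openssl's source: `CBuf` and `mem_data` are hypothetical stand-ins for a C API that reports an empty buffer as a null pointer with length 0, and `get_buf` shows a guard that keeps `slice::from_raw_parts` from ever receiving null.

```rust
use std::os::raw::c_long;
use std::{ptr, slice};

/// Constructed stand-in for a C memory buffer (hypothetical type, not
/// rust-openssl's). Like many C APIs it reports "empty" as (NULL, 0).
struct CBuf {
    data: Vec<u8>,
}

impl CBuf {
    /// Mimics a C getter: writes the data pointer to `out`, returns the length.
    fn mem_data(&self, out: &mut *const u8) -> c_long {
        if self.data.is_empty() {
            *out = ptr::null(); // empty buffer: null pointer, zero length
            0
        } else {
            *out = self.data.as_ptr();
            self.data.len() as c_long
        }
    }

    /// Guarded view: never hands a null pointer to `slice::from_raw_parts`.
    fn get_buf(&self) -> &[u8] {
        let mut p: *const u8 = ptr::null();
        let len = self.mem_data(&mut p);
        if len <= 0 || p.is_null() {
            // from_raw_parts(null, 0) violates the function's non-null
            // requirement even though no byte is read, so return a
            // literal empty slice instead.
            return &[];
        }
        // SAFETY: `p` is non-null and points to `len` initialized bytes owned
        // by `self.data`; the returned borrow is tied to `&self`.
        unsafe { slice::from_raw_parts(p, len as usize) }
    }
}

fn main() {
    let empty = CBuf { data: Vec::new() };
    let full = CBuf { data: b"hello".to_vec() };
    println!("empty: {:?}", empty.get_buf());
    println!("full:  {:?}", full.get_buf());
}
```
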
@alex alex merged commit aef36e0 into sfackler:master Jul 21, 2024
61 checks passed
@alex alex deleted the mem-bio-invariant branch July 21, 2024 12:59
doitian added a commit to doitian/ckb that referenced this pull request Jul 22, 2024
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```
Desiki-high added a commit to Desiki-high/nydus that referenced this pull request Jul 22, 2024
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
Desiki-high added a commit to Desiki-high/nydus that referenced this pull request Jul 22, 2024
```
    ┌─ /github/workspace/Cargo.lock:148:1
    │
148 │ openssl 0.10.55 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
doitian added a commit to doitian/ckb-cli that referenced this pull request Jul 22, 2024
```
error[vulnerability]: `MemBio::get_buf` has undefined behavior with empty buffers
    ┌─ /home/runner/work/ckb/ckb/Cargo.lock:313:1
    │
313 │ openssl 0.10.64 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0357
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0357
    = Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
    = Announcement: sfackler/rust-openssl#2266
    = Solution: Upgrade to >=0.10.66 (try `cargo update -p openssl`)
```