• Vladimír Čunát's avatar
    daemon TCP to upstream: don't send wrong message length · 10a113d7
    Vladimír Čunát authored
    See the added comments.  Such bugs are tricky, because the old code
    would typically work just fine, only if libuv/OS decided to postpone
    copying the data (perhaps large load), we would send two bytes from
    this address on C stack - their later value (hard to predict what).
    
    Security risks: the two bytes might theoretically contain information
    that was more or less private and we just send it to some DNS server
    (possibly over unencrypted TCP), but ATM I find it very unlikely that
    this bug could be practically exploited.
    10a113d7
Name
Last commit
Last update
..
bindings Loading commit data...
cache.test Loading commit data...
lua Loading commit data...
README.rst Loading commit data...
engine.c Loading commit data...
engine.h Loading commit data...
ffimodule.c Loading commit data...
ffimodule.h Loading commit data...
io.c Loading commit data...
io.h Loading commit data...
main.c Loading commit data...
meson.build Loading commit data...
network.c Loading commit data...
network.h Loading commit data...
session.c Loading commit data...
session.h Loading commit data...
tls.c Loading commit data...
tls.h Loading commit data...
tls_ephemeral_credentials.c Loading commit data...
tls_session_ticket-srv.c Loading commit data...
worker.c Loading commit data...
worker.h Loading commit data...
zimport.c Loading commit data...
zimport.h Loading commit data...