Security issue related to nyoci_inbound_get_path()

Robert Quattlebaum

Jul 1, 2018, 6:06:05 PM
to LibNyoci Announcements Group

Hello everyone,

TL/DR: There is a potential security issue related to the usage of the
`nyoci_inbound_get_path()` method in LibNyoci. The API has been
changed to make safely using this function easier. If you use this
method in your code, make sure you are using commit `1dbe815` (or
later) of LibNyoci.

Bruno Menlo discovered some corrupted input packets that made
`nyoci-plugtest-server` crash or hang. These issues were addressed in
[pull request #12](https://github.com/darconeous/libnyoci/pull/12).

Several of the corrupted packets were triggering crashes that were
ultimately due to a single buffer overrun in `nyoci_inbound_get_path()`,
which did not include a length parameter. Instead, the maximum length
of the destination was implied to be `NYOCI_MAX_URI_LENGTH`.

Since ABI/API compatibility is not yet guaranteed for LibNyoci, I have
changed the API to no longer make this assumption and to require a
buffer length to be passed into the function. This change is
ultimately incompatible at both an API and ABI level, so I have
incremented the configuration index accordingly. This will cause
binaries that were built against an older version of LibNyoci and call
`NYOCI_LIBRARY_VERSION_CHECK()` to fail at startup, even if they do
not call `nyoci_inbound_get_path()`.

I will be spinning a new release tag shortly (0.07.01rc1) that
includes this fix.

I want to personally thank Bruno Menlo for reporting these issues.

-- RQ

