fix: audit protocol handling #3441
Merged
I know this might be undesirable because it costs performance, but the pattern that I usually follow for these kinds of casts is
For the most part, I'm trying to avoid panics because they've caused issues before. Trying to encode too large of a value is generally a recoverable error.
abonander force-pushed the validate-casts-dev branch from 5aa9d50 to dd92def, August 16, 2024 20:19
abonander force-pushed the validate-casts-dev branch 2 times, most recently from 36b57e5 to ac0448c, August 16, 2024 23:37
abonander force-pushed the validate-casts-dev branch from ac0448c to 2cb6217, August 17, 2024 00:31
abonander changed the title from "WIP: validate for overflowing and truncating casts" to "WIP: audit protocol handling", Aug 17, 2024
abonander force-pushed the validate-casts-dev branch 2 times, most recently from ef70eae to e9ffde4, August 20, 2024 10:10
abonander force-pushed the validate-casts-dev branch from d93a20e to 8db2055, August 21, 2024 20:52
abonander force-pushed the validate-casts-dev branch from 1efef02 to 37f53cc, August 21, 2024 21:51
abonander force-pushed the validate-casts-dev branch from 0bb3fe0 to 59f5cd0, August 22, 2024 00:05
abonander force-pushed the validate-casts-dev branch from 349c684 to 65feda5, August 22, 2024 22:01
abonander force-pushed the validate-casts-dev branch 2 times, most recently from 2d39649 to 612a767, August 24, 2024 03:08
abonander force-pushed the validate-casts-dev branch from 612a767 to ab4ff34, August 24, 2024 04:59
abonander force-pushed the validate-casts-dev branch 2 times, most recently from f020d88 to 13594ad, August 24, 2024 05:54
abonander force-pushed the validate-casts-dev branch from 13594ad to 7e48dbe, August 24, 2024 05:55
Fixes #3440
Resolves https://rustsec.org/advisories/RUSTSEC-2024-0363.html
The last three commits may be cherry-picked against 6f29056 to see the exploit in action.
As of writing, only the Postgres driver actually appears to be exploitable before this patch, and appears to no longer be exploitable afterwards.
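The approach the review comments describe, treating a too-large value as a recoverable error rather than a panic or a truncating cast, shown here for a length-prefixed frame. This is an added example, not code from this pull request or the project; the frame layout (a 4-byte big-endian length that counts itself) and the names `EncodeError`, `truncating_prefix`, `checked_prefix` and `encode_frame` are assumptions made for illustration.

```rust
use std::convert::TryFrom;
use std::fmt;

/// Hypothetical error type: an oversized payload is reported, not panicked on.
#[derive(Debug, PartialEq)]
pub enum EncodeError {
    TooLarge { payload_len: usize },
}

impl fmt::Display for EncodeError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        let EncodeError::TooLarge { payload_len } = self;
        write!(f, "{} byte payload overflows a 32-bit length prefix", payload_len)
    }
}

/// The assumed frame format: the length prefix counts its own 4 bytes.
const HEADER_LEN: usize = 4;

/// Unchecked form: `as u32` keeps only the low 32 bits (2^32 becomes 0).
pub fn truncating_prefix(payload_len: usize) -> u32 {
    payload_len.wrapping_add(HEADER_LEN) as u32
}

/// Checked form: a failed addition or narrowing conversion becomes an `Err`.
pub fn checked_prefix(payload_len: usize) -> Result<u32, EncodeError> {
    payload_len
        .checked_add(HEADER_LEN)
        .and_then(|total| u32::try_from(total).ok())
        .ok_or(EncodeError::TooLarge { payload_len })
}

/// Appends one frame to `out`; nothing is written if the length does not fit.
pub fn encode_frame(payload: &[u8], out: &mut Vec<u8>) -> Result<(), EncodeError> {
    let prefix = checked_prefix(payload.len())?;
    out.extend_from_slice(&prefix.to_be_bytes());
    out.extend_from_slice(payload);
    Ok(())
}

fn main() {
    let mut buf = Vec::new();
    encode_frame(b"SELECT 1", &mut buf).expect("small payload fits");
    println!("frame: {:02x?}", buf);
    let oversized = u32::MAX as usize - 3; // constructed length, nothing allocated
    println!("unchecked prefix: {}", truncating_prefix(oversized));
    println!("checked prefix: {:?}", checked_prefix(oversized));
}
```

The checked form fails before any bytes reach the output buffer, so the length the peer reads always matches the bytes that follow it.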