Fix HeaderMap::drain double-free if drain iterator is forgotten #357

Merged
merged 1 commit into from Nov 25, 2019

seanmonstar
Member

Fixes #354

cc @Qwaz thanks for the report!

Contributor

@hawkw hawkw left a comment

The approach used here looks correct to me. I left some comments on nits we may want to address.

src/header/map.rs (outdated)
}

#[test]
fn drain_forget() {
Should there also be a test for mem::forgetting a ValueDrain returned by a Drain?
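
A drop-counting regression test of the kind asked about above, as an added example that is not part of this pull request or of the `http` crate's test suite. It uses std's `Vec::drain` as a stand-in container (an assumption, so the block runs without the `http` crate); `Counted`, `drops_after_forgotten_drain` and `no_double_drop` are hypothetical names.

```rust
use std::cell::Cell;
use std::mem;
use std::rc::Rc;

/// Element that records how many times its destructor ran.
struct Counted(Rc<Cell<u32>>);

impl Drop for Counted {
    fn drop(&mut self) {
        self.0.set(self.0.get() + 1);
    }
}

/// Fill a container with `n` counted elements, pull `take` of them out of a
/// drain iterator, forget the iterator, then drop the container.
/// Returns how many times each element's destructor ran.
fn drops_after_forgotten_drain(n: usize, take: usize) -> Vec<u32> {
    let counters: Vec<Rc<Cell<u32>>> = (0..n).map(|_| Rc::new(Cell::new(0))).collect();
    // Stand-in for the container under test (assumption: Vec, not HeaderMap).
    let mut container: Vec<Counted> = counters.iter().cloned().map(Counted).collect();

    let mut drain = container.drain(..);
    for _ in 0..take {
        drop(drain.next()); // these items are owned and dropped by the caller
    }
    mem::forget(drain); // the drain's destructor never runs

    // The container must not free anything the drain already handed out.
    drop(container);
    counters.iter().map(|c| c.get()).collect()
}

/// Safety property: leaking (count 0) is acceptable, dropping twice is not.
fn no_double_drop(counts: &[u32]) -> bool {
    counts.iter().all(|&c| c <= 1)
}

fn main() {
    for take in 0..=3 {
        let counts = drops_after_forgotten_drain(3, take);
        println!("take={} drops={:?}", take, counts);
        assert!(no_double_drop(&counts));
    }
}
```

A real double drop is undefined behaviour, so a check like this is best also run under Miri or a sanitizer rather than relying on the counter alone to observe it.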

@seanmonstar seanmonstar merged commit 82d53db into master Nov 25, 2019
@seanmonstar seanmonstar deleted the drain-double-free branch November 25, 2019 19:36
roy-work added a commit to roy-work/advisory-db that referenced this pull request Jan 9, 2020
…0.1.20

I believe these two vulnerabilities were patched at 0.1.20.

For RUSTSEC-2019-0033:

The advisory links to the bug: hyperium/http#352
In that bug, the fixing PR was hyperium/http#360
That PR merged the commit 81ceb61 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][1]).

[1]: hyperium/http@81ceb61

For RUSTSEC-2019-0034:

This advisory is two separate GitHub issues against `HeaderMap::drain`,
http rustsec#354 and http rustsec#355.

For the first: the issue: hyperium/http#354
In that bug, the fixing PR was hyperium/http#357
That PR merged the commit 82d53db to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][2]).

[2]: hyperium/http@82d53db

For the second: the issue: hyperium/http#355
In that bug, the fixing PR was hyperium/http#362
That PR merged the commit 8ffe094 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][3]).

[3]: hyperium/http@8ffe094
Successfully merging this pull request may close these issues.

Failing to drop HeaderMap::Drain causes double-free