Merge pull request rustsec#220 from RustSec/RUSTSEC-2019-0034

Assign RUSTSEC-2019-0034 to http
roy-work · Jan 9, 2020 · 2899482 · 2899482
2 parents 2aad27e + 526892a
commit 2899482
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 78 deletions.
diff --git a/crates/http/RUSTSEC-0000-0000.toml b/crates/http/RUSTSEC-0000-0000.toml
diff --git a/crates/http/RUSTSEC-2019-0034.toml b/crates/http/RUSTSEC-2019-0034.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-2019-0034"
+package = "http"
+date = "2019-11-16"
+title = "HeaderMap::Drain API is unsound"
+description = """
+Affected versions of this crate incorrectly used raw pointer,
+which introduced unsoundness in its public safe API.
+
+[Failing to drop the Drain struct causes double-free](https://github.com/hyperium/http/issues/354),
+and [it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation](https://github.com/hyperium/http/issues/355).
+
+The flaw was corrected in 0.2.0 release of `http` crate.
+"""
+patched_versions = [">= 0.2.0"]
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free", "unsound"]
+
+[affected.functions]
+"http::header::HeaderMap::drain" = ["< 0.2.0"]