Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make named pipe configuration less error prone #5359

Closed
Darksonn opened this issue Jan 6, 2023 · 5 comments · Fixed by #5477
Closed

Make named pipe configuration less error prone #5359

Darksonn opened this issue Jan 6, 2023 · 5 comments · Fixed by #5477
Labels
A-tokio Area: The main tokio crate E-help-wanted Call for participation: Help is requested to fix this issue. M-net Module: tokio/net

Comments

@Darksonn
Copy link
Contributor

Darksonn commented Jan 6, 2023
edited

The current design of the named pipe builder resulted in CVE-2023-22466. It should be refactored to make this kind of mistake impossible.

Refs: #5336
@Darksonn Darksonn added E-help-wanted Call for participation: Help is requested to fix this issue. A-tokio Area: The main tokio crate M-net Module: tokio/net labels Jan 6, 2023
@mhils
Copy link
Contributor

mhils commented Jan 6, 2023
edited

@Darksonn: is 09a37c7 the type of refactoring you have in mind? :)

@Darksonn
Copy link
Contributor Author

Darksonn commented Jan 6, 2023

Yeah, that looks reasonable, although we might want to make the same change to the open mode.

@mhils
Copy link
Contributor

mhils commented Jan 6, 2023

Excellent. I've implemented the same changes for open_mode/desired_access and removed the bool_flag macro in 658c3f8. That's currently sitting on top of #5350 though, so unless y'all have strong opinions here I will wait with a PR until #5350 is in. :)

@mhils mhils mentioned this issue Jan 31, 2023
Merged
@Darksonn
Copy link
Contributor Author

Sorry that I forgot about your PR. Do you want to submit the other commit as a PR?

mhils added a commit to mhils/tokio that referenced this issue Feb 19, 2023
@mhils
net: refactor named pipe builders to not use bitfields
d20ac20 
This fixes tokio-rs#5359.
@mhils mhils mentioned this issue Feb 19, 2023
Merged
@mhils
Copy link
Contributor

mhils commented Feb 19, 2023

No worries and thanks for getting to it! I've rebased the patch from above and opened #5477. :)

mhils added a commit to mhils/tokio that referenced this issue Feb 19, 2023
@mhils
net: refactor named pipe builders to not use bitfields
3261604 
This fixes tokio-rs#5359.
mhils added a commit to mhils/tokio that referenced this issue Feb 19, 2023
@mhils
net: refactor named pipe builders to not use bitfields
913b117 
This fixes tokio-rs#5359.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-tokio Area: The main tokio crate E-help-wanted Call for participation: Help is requested to fix this issue. M-net Module: tokio/net
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

net: refactor named pipe builders to not use bitfields mhils/tokio
2 participants
@Darksonn @mhils