author | Markus Westerlind <marwes91@gmail.com> | 2020-01-21 19:35:13 +0100 |
---|---|---|
committer | Carl Lerche <me@carllerche.com> | 2020-01-21 10:35:13 -0800 |
commit | fbe143b142875977f49772d2905029b57b92e429 (patch) | |
tree | c6f371131e97c2c7b0fdc3874323e94a431a0c47 /tokio-macros | |
parent | 9df805ff5449527d1fead3e9533152c4a357c24c (diff) |
fix: Prevent undefined behaviour from malicious AsyncRead impl (#2030)
`AsyncRead` is safe to implement but can be implemented so that it
reports that it read more bytes than it actually did. `poll_read_buf` on
the other hand implicitly trusts that the returned length is actually
correct which makes it possible to advance the buffer past what has
actually been initialized.
An alternative fix could be to avoid the panic and instead advance by
`n.min(b.len())`
Diffstat (limited to 'tokio-macros')
0 files changed, 0 insertions, 0 deletions
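The length check the commit message describes, as an added example that is not code from this commit or from tokio. It uses the synchronous `std::io::Read` as a stand-in for `AsyncRead`/`poll_read_buf`; `LyingReader`, `Policy` and `read_checked` are hypothetical names.

```rust
use std::io::{self, Read};

// Constructed reader (hypothetical): writes nothing, yet reports more than buf holds.
struct LyingReader;
impl Read for LyingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        Ok(buf.len() + 16)
    }
}

// What to do when the reported length exceeds the buffer that was handed out.
enum Policy {
    Reject, // fail instead of advancing
    Clamp,  // the alternative named in the commit message: n.min(b.len())
}

// Append up to `want` bytes to `dst`; the reader's return value is untrusted input.
fn read_checked<R: Read>(r: &mut R, dst: &mut Vec<u8>, want: usize, policy: Policy) -> io::Result<usize> {
    let start = dst.len();
    dst.resize(start + want, 0); // only these `want` bytes are initialized for the reader
    let reported = match r.read(&mut dst[start..]) {
        Ok(n) => n,
        Err(e) => { dst.truncate(start); return Err(e); }
    };
    // With an unsafe `set_len`/`advance_mut`, skipping this check is what exposes
    // memory past the initialized region.
    let n = match policy {
        _ if reported <= want => reported,
        Policy::Clamp => want,
        Policy::Reject => {
            dst.truncate(start);
            return Err(io::Error::new(io::ErrorKind::InvalidData, "reader over-reported length"));
        }
    };
    dst.truncate(start + n);
    Ok(n)
}

fn main() {
    let mut out = Vec::new();
    let mut honest: &[u8] = b"hello";
    println!("{:?}", read_checked(&mut honest, &mut out, 8, Policy::Reject));
    println!("{:?}", read_checked(&mut LyingReader, &mut out, 8, Policy::Reject));
    println!("{:?}", read_checked(&mut LyingReader, &mut out, 4, Policy::Clamp));
}
```

Clamping keeps the caller running but silently accepts bytes the reader never wrote, so rejecting is the easier behaviour to notice in testing.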