Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsafe i32 to usize conversion from network data #2788

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Unsafe i32 to usize conversion from network data #2788

wants to merge 2 commits into from

Conversation

sumanthakur1976
Copy link

This patch fixes the problem with uncheckd data
conversion read from the network. Currently, code
reads data from the network, converts it to
i32, and then blindly converts it to usize (so -1
gets converted to -1_usize and causes panic in
debug build and huge memory use in release build).
This could easily become a security vulnerability.

The fix replaces all as usize casts to try_into
style casts.

  • Did you create an Apache Jira ticket? (Request account here, not required for trivial changes)
  • If a ticket exists: Does your pull request title follow the pattern "THRIFT-NNNN: describe my issue"?
  • Did you squash your changes to a single commit? (not required, but preferred)
  • Did you do your best to avoid breaking changes? If one was needed, did you label the Jira ticket with "Breaking-Change"?
  • If your change does not involve any code, include [skip ci] anywhere in the commit message to free up build resources.

@axelexic
Unsafe i32 to usize conversion from network data
a3ad4cf 
This patch fixes the problem with uncheckd data
conversion read from the network. Currently, code
reads data from the network, converts it to
i32, and then blindly converts it to usize (so -1
gets converted to -1_usize and causes panic in
debug build and huge memory use in release build).
This is a major security vulnerability and easily
reproducible using Python client implementation.

The fix replaces all `as usize` casts to try_into
style casts.
@Jens-G Jens-G added the rust label Apr 17, 2023
@axelexic
Fix formatting issue
5222205 
Fix formatting issue that causes build to fail!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
rust
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sumanthakur1976 @Jens-G