From b5bd33c6833fc9559afbe640d1c16223c73b37f8 Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Thu, 14 Dec 2023 11:48:56 -0800 Subject: [PATCH 1/3] zerocopy: Some Ref methods are unsound with some type params For more information: - https://github.com/google/zerocopy/issues/716 - https://github.com/google/zerocopy/security/advisories/GHSA-3mv5-343c-w2qg --- crates/zerocopy/RUSTSEC-0000-0000.md | 31 ++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 crates/zerocopy/RUSTSEC-0000-0000.md diff --git a/crates/zerocopy/RUSTSEC-0000-0000.md b/crates/zerocopy/RUSTSEC-0000-0000.md new file mode 100644 index 000000000..2f876bccf --- /dev/null +++ b/crates/zerocopy/RUSTSEC-0000-0000.md @@ -0,0 +1,31 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "zerocopy" +date = "2023-12-14" +url = "https://github.com/google/zerocopy/issues/716" +keywords = ["ref", "refcell", "mutable-aliasing"] + +[versions] +patched = [">= 0.2.9, < 0.3.0", ">= 0.3.2, < 0.4.0", ">= 0.4.1, < 0.5.0", ">= 0.5.2, < 0.6.0", ">= 0.6.6, < 0.7.0", ">= 0.7.31"] +unaffected = ["< 0.2.2"] + +[affected.functions] +"zerocopy::Ref::into_ref" = "*" +"zerocopy::Ref::into_mut" = "*" +"zerocopy::Ref::into_slice" = "*" +"zerocopy::Ref::into_mut_slice" = "*" +``` + +# RustSec Advisory Template - Advisory Title Goes Here + +The `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound +and may allow safe code to exhibit undefined behavior when used with `Ref` where `B` +is [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or +[`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these +methods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`. + +See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis. + +The current plan is to yank the affected versions soon. See +https://github.com/google/zerocopy/issues/679 for more detail. From 615e140b7a9db98e25256d75f48fef610f44e16b Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Thu, 14 Dec 2023 12:18:36 -0800 Subject: [PATCH 2/3] Update affected function semver versions --- crates/zerocopy/RUSTSEC-0000-0000.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crates/zerocopy/RUSTSEC-0000-0000.md b/crates/zerocopy/RUSTSEC-0000-0000.md index 2f876bccf..8daafa6f3 100644 --- a/crates/zerocopy/RUSTSEC-0000-0000.md +++ b/crates/zerocopy/RUSTSEC-0000-0000.md @@ -11,10 +11,10 @@ patched = [">= 0.2.9, < 0.3.0", ">= 0.3.2, < 0.4.0", ">= 0.4.1, < 0.5.0", ">= 0. unaffected = ["< 0.2.2"] [affected.functions] -"zerocopy::Ref::into_ref" = "*" -"zerocopy::Ref::into_mut" = "*" -"zerocopy::Ref::into_slice" = "*" -"zerocopy::Ref::into_mut_slice" = "*" +"zerocopy::Ref::into_ref" = [">= 0.2.2, < 0.2.9", ">= 0.3.0, < 0.3.2", ">= 0.4.0, < 0.4.1", ">= 0.5.0, < 0.5.2", ">= 0.6.0, < 0.6.6", ">= 0.7.0, < 0.7.31"] +"zerocopy::Ref::into_mut" = [">= 0.2.2, < 0.2.9", ">= 0.3.0, < 0.3.2", ">= 0.4.0, < 0.4.1", ">= 0.5.0, < 0.5.2", ">= 0.6.0, < 0.6.6", ">= 0.7.0, < 0.7.31"] +"zerocopy::Ref::into_slice" = [">= 0.2.2, < 0.2.9", ">= 0.3.0, < 0.3.2", ">= 0.4.0, < 0.4.1", ">= 0.5.0, < 0.5.2", ">= 0.6.0, < 0.6.6", ">= 0.7.0, < 0.7.31"] +"zerocopy::Ref::into_mut_slice" = [">= 0.2.2, < 0.2.9", ">= 0.3.0, < 0.3.2", ">= 0.4.0, < 0.4.1", ">= 0.5.0, < 0.5.2", ">= 0.6.0, < 0.6.6", ">= 0.7.0, < 0.7.31"] ``` # RustSec Advisory Template - Advisory Title Goes Here From 2c74661c77b874c26aac59e79fa4e065f5b216ab Mon Sep 17 00:00:00 2001 From: Joshua Liebow-Feeser Date: Mon, 18 Dec 2023 07:21:36 -0800 Subject: [PATCH 3/3] Added advisory title --- crates/zerocopy/RUSTSEC-0000-0000.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/zerocopy/RUSTSEC-0000-0000.md b/crates/zerocopy/RUSTSEC-0000-0000.md index 8daafa6f3..dabdebf7a 100644 --- a/crates/zerocopy/RUSTSEC-0000-0000.md +++ b/crates/zerocopy/RUSTSEC-0000-0000.md @@ -17,7 +17,7 @@ unaffected = ["< 0.2.2"] "zerocopy::Ref::into_mut_slice" = [">= 0.2.2, < 0.2.9", ">= 0.3.0, < 0.3.2", ">= 0.4.0, < 0.4.1", ">= 0.5.0, < 0.5.2", ">= 0.6.0, < 0.6.6", ">= 0.7.0, < 0.7.31"] ``` -# RustSec Advisory Template - Advisory Title Goes Here +# Some Ref methods are unsound with some type parameters The `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound and may allow safe code to exhibit undefined behavior when used with `Ref` where `B`