Skip to content
Snippets Groups Projects
Select Git revision
  • manager-files-watchdog
  • master default protected
  • declarative-config-stabilization
  • dname_limiting
  • root-fallback-addresses
  • module-tunnel-filter
  • dname_kru
  • defer-hard-timeout
  • ci-jobs-reorganization
  • nightly protected
  • manager-api-config-fix
  • tls-authority-whitelist
  • tmp/test-deckard
  • forward-tls-insecure
  • doh-stuck-status
  • module-filter
  • coverity protected
  • ci-docker-tests-update
  • kresctl-comp-config-levels
  • ci-pkg-suse
  • v6.0.11 protected
  • v6.0.10 protected
  • v6.0.9 protected
  • v6.0.8 protected
  • v5.7.4 protected
  • v5.7.3 protected
  • v6.0.7 protected
  • v5.7.2 protected
  • v6.0.6 protected
  • v5.7.1 protected
  • v6.0.5 protected
  • v6.0.4 protected
  • v6.0.3 protected
  • v6.0.2 protected
  • v5.7.0 protected
  • v6.0.1 protected
  • v6.0.0a1 protected
  • v5.6.0 protected
  • v5.5.3 protected
  • v5.5.2 protected
40 results
Search by author
  • Any Author
  • Aleš Mrázek Aleš Mrázek amrazek
  • Anbang Wen Anbang Wen anb
  • Daniel Kahn Gillmor Daniel Kahn Gillmor dkg
  • Daniel Salzman Daniel Salzman dsalzman
  • David Vasek David Vasek dvasek
  • Frantisek Tobias Frantisek Tobias ftobias
  • Hynek Šabacký Hynek Šabacký hsabacky
  • Jakub Ružička Jakub Ružička jruzicka
  • Jan Hák Jan Hák jhak
  • Jan Pavlinec Jan Pavlinec jpavlinec
  • Jan Včelák Jan Včelák jvcelak
  • Josef Schlehofer Josef Schlehofer jschlehofer
  • Karel Koci Karel Koci kkoci
  • **** **** project_147_bot_77ab1cef2fcb058144e515dcc77e07a3
  • Ladislav Lhotka Ladislav Lhotka llhotka
  • Libor Peltan Libor Peltan lpeltan
  • Lukáš Ondráček Lukáš Ondráček londracek
  • Marek Vavrusa Marek Vavrusa vavrusam
  • Michal Hrusecky Michal Hrusecky mhrusecky
  • **** **** project_147_bot
20 authors
  1. May 29, 2019
    • Vladimír Čunát's avatar
      daemon TCP to upstream: don't send wrong message length · 10a113d7
      Vladimír Čunát authored 
      See the added comments.  Such bugs are tricky, because the old code
would typically work just fine, only if libuv/OS decided to postpone
copying the data (perhaps large load), we would send two bytes from
this address on C stack - their later value (hard to predict what).

Security risks: the two bytes might theoretically contain information
that was more or less private and we just send it to some DNS server
(possibly over unencrypted TCP), but ATM I find it very unlikely that
this bug could be practically exploited.
      Verified
      10a113d7
  3. May 28, 2019
  5. May 24, 2019
  7. May 22, 2019
  9. May 06, 2019
  11. Apr 29, 2019
  13. Apr 26, 2019
  15. Apr 25, 2019
  17. Apr 23, 2019
  19. Apr 18, 2019