Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Possible soundness bug: alignment not checked #50

Open
Plecra opened this issue Jul 4, 2021 · 1 comment · May be fixed by #51
Open

Possible soundness bug: alignment not checked #50

Plecra opened this issue Jul 4, 2021 · 1 comment · May be fixed by #51

Comments

@Plecra
Copy link

Plecra commented Jul 4, 2021

atty/src/lib.rs

Lines 131 to 141 in 7b5df17

let mut name_info_bytes = vec![0u8; size + MAX_PATH * mem::size_of::<WCHAR>()];
let res = GetFileInformationByHandleEx(
GetStdHandle(fd),
FileNameInfo,
&mut *name_info_bytes as *mut _ as *mut c_void,
name_info_bytes.len() as u32,
);
if res == 0 {
return false;
}
let name_info: &FILE_NAME_INFO = &*(name_info_bytes.as_ptr() as *const FILE_NAME_INFO);

As far as I can tell, the pointer deference on line 141 in unsound, as there is no guarantee the vector will be properly aligned for FILE_NAME_INFO (which has an alignment of 4 due to FileNameLength being a u32)
@Plecra Plecra linked a pull request Jul 4, 2021 that will close this issue
Open
@jcgruenhage jcgruenhage mentioned this issue Sep 22, 2022
Merged
@pinkforest pinkforest mentioned this issue Oct 24, 2022
Open
@niluxv niluxv mentioned this issue Nov 2, 2022
Closed
@Shnatsel Shnatsel mentioned this issue Nov 4, 2022
Merged
Shnatsel added a commit to rust-secure-code/cargo-supply-chain that referenced this issue Nov 4, 2022
@Shnatsel
Drop bpaf color - it pulls in atty which is unsound and appears t…
f761c16 
…o be umaintained: softprops/atty#50
Techcable added a commit to slog-rs/term that referenced this issue Nov 28, 2022
@Techcable
security: Avoid using buggy atty crate
7f43921 
Switches to newer `is-terminal` crate instead.
This functionality is also availible on the nightly
Rust stdlib as a `std::io::IsTerminal` trait.

Avoids RUSTSEC-2021-0145 (softprops/atty#50)
Fixes slog-rs/slog#319

Based on the information in the vulnerability database,
I don't consider this a particularly serious bug.

> In practice however, the pointer won't be unaligned
   unless a custom global allocator is used.
@Techcable Techcable mentioned this issue Nov 28, 2022
Merged
@KisaragiEffective KisaragiEffective mentioned this issue Dec 12, 2022
Merged
1 task
This was referenced Feb 27, 2023
Closed
Closed
@daboross daboross mentioned this issue Mar 23, 2023
Closed
This was referenced Mar 24, 2023
Closed
Closed
Closed
Open
Closed
This was referenced Apr 5, 2023
Closed
Open
Open
Open
Open
Closed
Closed
Closed
@pablogmorales pablogmorales mentioned this issue Apr 10, 2023
Closed
This was referenced Apr 11, 2023
Open
Closed
Closed
Closed
@greendoescode greendoescode mentioned this issue Jun 25, 2024
Closed
@taylorjdawson taylorjdawson mentioned this issue Jun 26, 2024
Closed
1 task
This was referenced Jun 27, 2024
Closed
Closed
@EddieWhi EddieWhi mentioned this issue Jul 18, 2024
Merged
@softprops
Copy link
Owner

now recommending users move to the std.io.IsTerminal available since rust 1.17.0 in this repos readme

@github-actions github-actions bot mentioned this issue Jul 27, 2024
Open
This was referenced Aug 9, 2024
Open
Closed
Open
@vicanso vicanso mentioned this issue Aug 22, 2024
Open
@FreezyLemon FreezyLemon mentioned this issue Aug 27, 2024
Merged
This was referenced Sep 7, 2024
Closed
Closed
Closed
Open
Closed
@github-actions github-actions bot mentioned this issue Sep 23, 2024
Closed
@jayvdb jayvdb mentioned this issue Sep 23, 2024
Closed
This was referenced Oct 7, 2024
Closed
Closed
This was referenced Nov 9, 2024
Open
Open
Open
This was referenced Nov 19, 2024
Open
Open
Open
This was referenced Dec 11, 2024
Open
Open
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix dereferencing of unaligned FILE_NAME_INFO Plecra/atty
2 participants
@softprops @Plecra