Project

General

Profile

Actions
Copy link

Bug #20269

closed

Vulnerability in tokio

Added by Alexis Mousset over 2 years ago. Updated over 2 years ago.

Status:
Released
Priority:
N/A
Assignee:
Benoît PECCATTE
Category:
Relay server or API
Target version:
6.1.18
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:

Description

04:09:53  error[A001]: Data race when sending and receiving after closing a `oneshot` channel
04:09:53      ┌─ /srv/jenkins/workspace/pendencies_branches_rudder_6.1_3/relay/sources/relayd/Cargo.lock:205:1
04:09:53      │
04:09:53  205 │ tokio 0.1.22 registry+https://github.com/rust-lang/crates.io-index
04:09:53      │ ------------------------------------------------------------------ security vulnerability detected
04:09:53      │
04:09:53      = ID: RUSTSEC-2021-0124
04:09:53      = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0124
04:09:53      = If a `tokio::sync::oneshot` channel is closed (via the
04:09:53        [`oneshot::Receiver::close`] method), a data race may occur if the
04:09:53        `oneshot::Sender::send` method is called while the corresponding
04:09:53        `oneshot::Receiver` is `await`ed or calling `try_recv`.
04:09:53        
04:09:53        When these methods are called concurrently on a closed channel, the two halves
04:09:53        of the channel can concurrently access a shared memory location, resulting in a
04:09:53        data race. This has been observed to [cause memory corruption][corruption].
04:09:53        
04:09:53        Note that the race only occurs when **both** halves of the channel are used
04:09:53        after the `Receiver` half has called `close`. Code where `close` is not used, or where the
04:09:53        `Receiver` is not `await`ed and `try_recv` is not called after calling `close`,
04:09:53        is not affected.
04:09:53        
04:09:53        See [tokio#4225][issue] for more details.
04:09:53        
04:09:53        [corruption]: https://github.com/tokio-rs/tokio/issues/4225#issuecomment-967434847
04:09:53        [issue]: https://github.com/tokio-rs/tokio/issues/4225
04:09:53        [`oneshot::Receiver::close`]: https://docs.rs/tokio/1.14.0/tokio/sync/oneshot/struct.Receiver.html#method.close
04:09:53      = Announcement: https://github.com/tokio-rs/tokio/issues/4225
04:09:53      = Solution: Upgrade to >=1.8.4, <1.9.0 OR >=1.13.1
04:09:53      = tokio v0.1.22
04:09:53        ├── hyper v0.12.36
04:09:53        │   ├── hyper-tls v0.3.2
04:09:53        │   │   └── reqwest v0.9.24
04:09:53        │   │       └── relayd v0.0.0-dev
04:09:53        │   ├── relayd v0.0.0-dev (*)
04:09:53        │   ├── reqwest v0.9.24 (*)
04:09:53        │   └── warp v0.1.22
04:09:53        │       └── relayd v0.0.0-dev (*)
04:09:53        ├── inotify v0.7.0
04:09:53        │   └── relayd v0.0.0-dev (*)
04:09:53        ├── relayd v0.0.0-dev (*)
04:09:53        ├── reqwest v0.9.24 (*)
04:09:53        └── warp v0.1.22 (*)
Actions
Copy link
 #1

Updated by Alexis Mousset over 2 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions
Copy link
 #2

Updated by Alexis Mousset over 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder/pull/3995
Actions
Copy link
 #3

Updated by Alexis Mousset over 2 years ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #4

Updated by Alexis Mousset over 2 years ago

  • Fix check changed from To do to Checked
Actions
Copy link
 #5

Updated by Vincent MEMBRÉ over 2 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.1.18, 6.2.12 and 7.0.0~rc2 which were released today.

Actions
Copy link

Also available in: Atom PDF