
rdiff's Issues

Broken Read implementations can cause uninitialized memory read

Hi there, we (Rust group @sslab-gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that in Window::new, the bytes read returned from the reader are used to set_len:

rdiff/src/window.rs

Lines 9 to 18 in 6680843

let mut front = vec!(0;block_size);
let mut back = vec!(0;block_size);
let size = try!(reader.read(front.as_mut_slice()));
unsafe {
    front.set_len(size);
}
let size = try!(reader.read(back.as_mut_slice()));
unsafe {
    back.set_len(size);
}

This means that a buggy Read implementation that returns more bytes than the buf size can cause front and back to contain initialized memory. See this example:

#![forbid(unsafe_code)]

use rdiff::BlockHashes;
use std::io::{Cursor, Read};

struct MyRead {
    first: bool,
}

impl MyRead {
    pub fn new() -> Self {
        MyRead { first: false }
    }
}

impl Read for MyRead {
    fn read(&mut self, _buf: &mut [u8]) -> std::io::Result<usize> {
        if !self.first {
            self.first = true;
            // First iteration: return more than the buffer size
            Ok(256)
        } else {
            // Second iteration: indicate that we are done
            Ok(0)
        }
    }
}

fn main() {
    let mut hashes = BlockHashes::new(Cursor::new("Hello"), 32).unwrap();
    let diff = hashes.diff_and_update(MyRead::new()).unwrap();

    for insert in diff.inserts() {
        println!("{:?}", insert);
    }
}

This outputs:

Insert(0, '1���� =�>�U��X���������������X�q')

I think there should be an assert in Window::new to ensure that the number of bytes is <= block_size.
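One way to apply the bounds check suggested in the report above, as an added example that is not rdiff's code or the reporter's. The names `read_block` and `LyingRead` are hypothetical; the sketch swaps the `unsafe` `set_len` for a checked length and a safe `truncate`.

```rust
use std::io::{self, Cursor, Read};

/// Hypothetical helper (not part of rdiff's API): read at most `block_size`
/// bytes and refuse to trust a reader that reports more than the buffer holds.
fn read_block<R: Read>(reader: &mut R, block_size: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; block_size];
    let size = reader.read(&mut buf)?;
    // The Read contract says size <= buf.len(), but a buggy implementation
    // can break it, so the returned count is validated before use.
    if size > buf.len() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            "reader reported more bytes than the buffer can hold",
        ));
    }
    // truncate() only ever shrinks the vector, so no unsafe block is needed
    // and no memory beyond the zero-initialized buffer can be exposed.
    buf.truncate(size);
    Ok(buf)
}

/// Constructed misbehaving reader with the same shape as the one in the
/// report: it writes nothing but claims 256 bytes were read.
struct LyingRead;

impl Read for LyingRead {
    fn read(&mut self, _buf: &mut [u8]) -> io::Result<usize> {
        Ok(256)
    }
}

fn main() {
    // Well-behaved reader: the block holds exactly the bytes that were read.
    let block = read_block(&mut Cursor::new("Hello"), 32).unwrap();
    println!("{:?}", String::from_utf8_lossy(&block));

    // Misbehaving reader: rejected instead of extending the vector.
    let err = read_block(&mut LyingRead, 32).unwrap_err();
    println!("{:?}: {}", err.kind(), err);
}
```

Returning an error rather than asserting lets the caller decide how to handle a broken reader; an `assert!` at the same point would give the panic behaviour the report proposes.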

Serializing and deserializing diffs

I'd love to be able to serialize diffs to a file and then at a later point deserialize them again. I've checked the public API and while it is possible to obtain the list of operations, there is no way to create a diff object from such a list, nor to serialize and deserialize operations.
