search

Matrix-Zhang / tokio_kcp

A Kcp implementation for tokio
MIT License
176 stars 44 forks source link

Bug: panic on receiving maliciously small packets #28

Closed Banyc closed 1 year ago

Banyc commented 1 year ago

There is an assertion on kcp.rs:46:5 from crate kcp:

/// Read `conv` from raw buffer
pub fn get_conv(mut buf: &[u8]) -> u32 {
    assert!(buf.len() >= KCP_OVERHEAD as usize);

When the receiver gets hit with a packet smaller than KCP_OVERHEAD, the whole process will just die.

I triggered this by simply nc the port with some random characters.

Banyc commented 1 year ago

@zonyitoo I bumped in this bug again and realized that this fix has not been in crates.io yet. It will be great to release it, huge thanks!

zonyitoo commented 1 year ago

released v0.9.5.