Closed jenny-cheung closed 2 years ago
Thank you indeed!
Hi, any security impacts for this lock leak issue? I think it is possible to trigger a DoS induced by deadlock due to reacquiring the same lock. Thanks so much
I don't think so... a DoS in this sort of application just causes some confusion to the user at worst...
@ismaell OK, thanks so much for your explanation
Dear developers: When the
connection_setup
fails, the function may return with the hold of lock &conn->lock that should be released. It may potentially lead to deadlock. Thank you for your checking!https://github.com/axel-download-accelerator/axel/blob/6046c2a799d82235337e4cba8c4d1fd8c56bc400/src/conn.c#L389