rust-secure-code / safety-dance

Auditing crates for unsafe code which can be safely replaced
Apache License 2.0
536 stars 10 forks source link

Audit `http` #37

Open thomcc opened 5 years ago

thomcc commented 5 years ago

This is a very popular crate (10k downloads / day, >2M all time), and is also a potential attack target, due to the fact that it is intended to be exposed directly to the network.

It does some tricky stuff with unsafe that's I've always felt was worth a close look at. In particular the HeaderMap and related code is quite complex and uses a lot of unsafe. The rest of the crate uses less, but still some.

See also #5

Qwaz commented 5 years ago

I started looking into the code, and I'm about halfway done; I will open issues about my finding and keep this thread updated.

Qwaz commented 5 years ago

Reported hyperium/http#352, hyperium/http#353, hyperium/http#354, and hyperium/http#355. I don't have enough time to work on PRs in the mean time, so I would appreciate it if someone else can take care of theese issues.

danielhenrymantilla commented 5 years ago

Nice job, I'll see if I have the time to tackle these

Shnatsel commented 5 years ago

Wow, you've even found a double free! Great job!

Shnatsel commented 4 years ago

The bugs you've found are now showcased in the safety-dance trophy case in README. Thanks again!

Qwaz commented 4 years ago

Sounds good, thank you!