search

witnet / witnet-rust

Open source Rust implementation of the Witnet decentralized oracle protocol, including full node and wallet backend πŸ‘οΈπŸ¦€
https://docs.witnet.io
GNU General Public License v3.0
179 stars 56 forks source link

RUSTSEC-2021-0124: Data race when sending and receiving after closing a `oneshot` channel #2118

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Data race when sending and receiving after closing a oneshot channel

Details
Package tokio
Version 0.1.22
URL https://github.com/tokio-rs/tokio/issues/4225
Date 2021-11-16
Patched versions >=1.8.4, <1.9.0,>=1.13.1
Unaffected versions <0.1.14

If a tokio::sync::oneshot channel is closed (via the oneshot::Receiver::close method), a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling try_recv.

When these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.

Note that the race only occurs when both halves of the channel are used after the Receiver half has called close. Code where close is not used, or where the Receiver is not awaited and try_recv is not called after calling close, is not affected.

See tokio#4225 for more details.

See advisory page for additional details.

tmpolaczyk commented 2 years ago

We use two different versions of tokio: 0.1.22 and 1.12.0. I opened #2119 to update from 1.12.0 to the latest version, but any packages that still use version 0.1.22 will remain affected by this issue:

$ cargo tree --no-dedupe --workspace -i tokio:0.1.22
tokio v0.1.22
β”œβ”€β”€ async-jsonrpc-client v0.1.0 (https://github.com/witnet/async-jsonrpc-client?branch=fix-tcp-leak#600a2d69)
β”‚   β”œβ”€β”€ witnet-centralized-ethereum-bridge v0.1.0 (/witnet-rust/bridges/centralized-ethereum)
β”‚   β”œβ”€β”€ witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)
β”‚   β”œβ”€β”€ witnet_net v0.1.0 (/witnet-rust/net)
β”‚   β”‚   β”œβ”€β”€ witnet-centralized-ethereum-bridge v0.1.0 (/witnet-rust/bridges/centralized-ethereum)
β”‚   β”‚   └── witnet_wallet v0.3.2 (/witnet-rust/wallet)
β”‚   β”‚       └── witnet v1.4.2 (/witnet-rust)
β”‚   └── witnet_wallet v0.3.2 (/witnet-rust/wallet)
β”‚       └── witnet v1.4.2 (/witnet-rust)
β”œβ”€β”€ hyper v0.12.36
β”‚   β”œβ”€β”€ hyper-tls v0.3.2
β”‚   β”‚   └── web3 v0.10.0
β”‚   β”‚       └── witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)
β”‚   └── web3 v0.10.0
β”‚       └── witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)
β”œβ”€β”€ jsonrpc-server-utils v15.1.0
β”‚   └── jsonrpc-ws-server v15.1.0
β”‚       └── witnet_net v0.1.0 (/witnet-rust/net)
β”‚           β”œβ”€β”€ witnet-centralized-ethereum-bridge v0.1.0 (/witnet-rust/bridges/centralized-ethereum)
β”‚           └── witnet_wallet v0.3.2 (/witnet-rust/wallet)
β”‚               └── witnet v1.4.2 (/witnet-rust)
β”œβ”€β”€ tokio-core v0.1.17
β”‚   β”œβ”€β”€ tokio-uds v0.1.7
β”‚   β”‚   └── web3 v0.10.0
β”‚   β”‚       └── witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)
β”‚   β”œβ”€β”€ web3 v0.10.0
β”‚   β”‚   └── witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)
β”‚   β”œβ”€β”€ websocket v0.21.1
β”‚   β”‚   └── web3 v0.10.0
β”‚   β”‚       └── witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)
β”‚   └── witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)
└── witnet-ethereum-bridge v0.1.0 (/witnet-rust/bridges/ethereum)