safety-dance icon indicating copy to clipboard operation
safety-dance copied to clipboard
verified publisher icon rust-secure-code

Audit `http`

Open thomcc opened this issue 6 years ago • 6 comments

This is a very popular crate (10k downloads / day, >2M all time), and is also a potential attack target, due to the fact that it is intended to be exposed directly to the network.

It does some tricky stuff with unsafe that's I've always felt was worth a close look at. In particular the HeaderMap and related code is quite complex and uses a lot of unsafe. The rest of the crate uses less, but still some.

See also #5

thomcc avatar Sep 07 '19 00:09 thomcc

I started looking into the code, and I'm about halfway done; I will open issues about my finding and keep this thread updated.

Qwaz avatar Nov 16 '19 02:11 Qwaz

Reported hyperium/http#352, hyperium/http#353, hyperium/http#354, and hyperium/http#355. I don't have enough time to work on PRs in the mean time, so I would appreciate it if someone else can take care of theese issues.

Qwaz avatar Nov 16 '19 17:11 Qwaz

Nice job, I'll see if I have the time to tackle these

danielhenrymantilla avatar Nov 16 '19 19:11 danielhenrymantilla

Wow, you've even found a double free! Great job!

Shnatsel avatar Nov 17 '19 11:11 Shnatsel

The bugs you've found are now showcased in the safety-dance trophy case in README. Thanks again!

Shnatsel avatar Feb 15 '20 17:02 Shnatsel

Sounds good, thank you!

Qwaz avatar Feb 15 '20 20:02 Qwaz