Security: 5 vulnerability fixes (SSRF, exec bypass, chunked OOM, env UB, eviction)#430
Closed
devatsecure wants to merge 5 commits intoRightNow-AI:mainfrom
Closed
Security: 5 vulnerability fixes (SSRF, exec bypass, chunked OOM, env UB, eviction)#430devatsecure wants to merge 5 commits intoRightNow-AI:mainfrom
devatsecure wants to merge 5 commits intoRightNow-AI:mainfrom
Conversation
…ipping - Extract shared ssrf.rs module used by web_fetch.rs and host_functions.rs - Use url::Url for proper parsing (handles userinfo, IPv6, edge cases) - Fail CLOSED on DNS resolution failure (was silently allowing) - Strip userinfo from URLs before hostname extraction - Unified blocklist across both code paths (was inconsistent) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reject $(), backticks, and <()/>() in allowlist mode since these embed commands invisible to static command extraction. Full mode is unaffected. Clear error message directs users to full mode. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously only checked Content-Length header, which is absent for chunked transfer encoding. Now also checks actual body size after download via bytes(). Prevents memory exhaustion from large chunked responses. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Four call sites were using set_var/remove_var without the ENV_MUTEX guard, creating potential UB in multi-threaded async context. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Single-bucket eviction could leave total above MAX_RECEIPTS when the picked bucket had fewer entries than needed. Now iterates across all buckets until total is within bounds. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
|
thanks for the security audit! we're reviewing each fix individually against our existing security hardening. will keep you posted |
Member
|
Important security improvements but has merge conflicts across multiple files. Please rebase onto main and we'll merge promptly. |
Author
|
These changes were already merged directly into main. Closing as the rebase produces an empty diff — all 5 commits are in main. No resubmit needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
http://user@localhost) and usesurl::Urlfor proper parsing. Unified into singlessrf.rsmodule shared byweb_fetch.rsandhost_functions.rs.$(), backticks, and<()/>()were invisible toextract_all_commands(). Now rejected in allowlist mode with clear error directing users to full mode.Content-Lengthheader was checked, absent for chunked transfer encoding. Now also checksbytes().len()after download.set_var/remove_varcall sites lacked theENV_MUTEXguard, risking UB in async context. All wrapped.MAX_RECEIPTS. Now iterates all DashMap buckets.Test plan
cargo build --workspace --libpassescargo test --workspacepasses (1,767+ tests)cargo clippy --workspace --all-targets -- -D warningszero warnings🤖 Generated with Claude Code