Closed
Description
\src\libstd\io\mod.rs
contains two methods that allow attacking code to read memory that it should otherwise not have access to. The methods are Reader.push()
and Reader.push_at_least()
. An attacker could write (or exploit) an implementation of Reader
, by implementing a read()
method that reads from the given buffer, rather than writing to it. Or by not writing at all, returning a non-zero byte count, and then calling push()
and seeing what memory was returned.
The push()
and push_at_least()
methods should probably just be deleted entirely. The support function slice_vec_capacity()
could also be deleted.
Metadata
Metadata
Assignees
Labels
No labels