Impact
In the buildDownloadPieceHTTPRequest and DownloadTinyFile methods (figures 6.1 and 6.2), there are array slicing operations with hard-coded indexes. If the arrays are smaller than the indexes, the code panics.
This finding’s severity is informational, as we were not able to trigger the panic with a request from an external actor.
func (p *pieceDownloader) buildDownloadPieceHTTPRequest(ctx context.Context, d
*DownloadPieceRequest) *http.Request {
// FIXME switch to https when tls enabled
targetURL := url.URL{
Scheme:
Host:
Path:
RawQuery: fmt.Sprintf("peerId=%s", d.DstPid),
p.scheme,
d.DstAddr,
fmt.Sprintf("download/%s/%s", d.TaskID[:3], d.TaskID),
}Patches
- Dragonfy v2.1.0 and above.
Workarounds
There are no effective workarounds, beyond upgrading.
References
A third party security audit was performed by Trail of Bits, you can see the full report.
If you have any questions or comments about this advisory, please email us at [email protected].
Impact
In the buildDownloadPieceHTTPRequest and DownloadTinyFile methods (figures 6.1 and 6.2), there are array slicing operations with hard-coded indexes. If the arrays are smaller than the indexes, the code panics.
This finding’s severity is informational, as we were not able to trigger the panic with a request from an external actor.
Patches
Workarounds
There are no effective workarounds, beyond upgrading.
References
A third party security audit was performed by Trail of Bits, you can see the full report.
If you have any questions or comments about this advisory, please email us at [email protected].