mirror of
https://gitlab.com/veilid/veilid.git
synced 2024-12-25 07:19:26 -05:00
add changelog and missing file
This commit is contained in:
parent
eae839e484
commit
a9c13d45fd
@ -1,3 +1,11 @@
|
||||
**Changes in Veilid 0.1.9**
|
||||
- SECURITY FIX
|
||||
* DESCRIPTION: Decompression was occurring in an unbounded way upon envelope receipt.
|
||||
* IMPACT: Node crashes resulting in downtime. There was no risk of RCE or compromise due to Rust's memory protections and no use of unsafe code near the site of the error.
|
||||
* INDICATIONS: This resulted in an out-of-memory abort on nodes. Issue first identified on the bootstrap servers.
|
||||
* REMEDIATION: Length check added to decompression on envelopes.
|
||||
- Earthfile support for generating a debug executable
|
||||
|
||||
**Changes in Veilid 0.1.8**
|
||||
- Fix Python Install Instructions
|
||||
- Fix to get server version from crate
|
||||
|
25
veilid-core/src/veilid_api/serialize_helpers/compression.rs
Normal file
25
veilid-core/src/veilid_api/serialize_helpers/compression.rs
Normal file
@ -0,0 +1,25 @@
|
||||
use super::*;
|
||||
use lz4_flex::block;
|
||||
|
||||
use crate::apibail_generic;
|
||||
|
||||
pub fn compress_prepend_size(input: &[u8]) -> Vec<u8> {
|
||||
block::compress_prepend_size(input)
|
||||
}
|
||||
|
||||
pub fn decompress_size_prepended(
|
||||
input: &[u8],
|
||||
max_size: Option<usize>,
|
||||
) -> VeilidAPIResult<Vec<u8>> {
|
||||
let (uncompressed_size, input) =
|
||||
block::uncompressed_size(input).map_err(VeilidAPIError::generic)?;
|
||||
if let Some(max_size) = max_size {
|
||||
if uncompressed_size > max_size {
|
||||
apibail_generic!(format!(
|
||||
"decompression exceeded maximum size: {} > {}",
|
||||
uncompressed_size, max_size
|
||||
));
|
||||
}
|
||||
}
|
||||
Ok(block::decompress(input, uncompressed_size).map_err(VeilidAPIError::generic)?)
|
||||
}
|
Loading…
Reference in New Issue
Block a user