Hey, I want to report a security bug I have found in GNUnet (tested both 0.7.0d and revision 2758).
The bug is very simple and is an infinite loop in the UDP section of GNUnet. In short the usage of FIONREAD for handling the asynchronous socket creates problems when a packet of 0 bytes is received, the program will be no longer able to handle the incoming packets and the CPU reaches the 100% usage. Testing the bug is very simple, just send a packet of 0 bytes to the port 2086 of the program. There is a tool on my website which makes the job easily: http://aluigi.org/testz/udpsz.zip udpsz 127.0.0.1 2068 0 (if the link doesn't work copy it in the browser's bar). I wait your reply. BYEZ --- Luigi Auriemma http://aluigi.org http://mirror.aluigi.org _______________________________________________ Bug-GNUnet mailing list Bug-GNUnet@gnu.org http://lists.gnu.org/mailman/listinfo/bug-gnunet