Uri and Lev, Thank you very much for reporting and pull requests! I have approved the PR. We will evaluate the impact of this vulnerability.
Thanks, Jiangtao On Sun, Aug 25, 2019 at 6:18 AM Uri Eden <[email protected]> wrote: > Hi, > > > > Below please find the details of the vulnerability with an open PR - > https://github.com/grpc/grpc/pull/19766 found by our system architect – > Lev Pachmanov (CC’d). > > > > The problem is in the src/core/lib/iomgr/tcp_server_custom.cc: > tcp_server_add_port > > When the initializing of the socket object fails: > > > > grpc_custom_socket_vtable->init(socket, family); > > > > > > The error is value is not checked causing reference to an invalid pointer > later in add_socket_to_server. > > We encountered this scenario running on a platform where getaddrinfo > returns an IPv6 address while socket(AF_INET6, …) returns EAFNOSUPPORT. > > > > This vulnerability might be exploited using common null pointer > dereferences <https://cwe.mitre.org/data/definitions/476.html>. > > > > Hope this helps. > > Uri + Lev > > > > *From: *"jiangtao via grpc.io" <[email protected]> > *Reply-To: *"[email protected]" <[email protected]> > *Date: *Wednesday, August 21, 2019 at 7:50 PM > *To: *"grpc.io" <[email protected]> > *Subject: *[grpc-io] Re: Report vulnerability > > > > Thank you very much for keeping us in the loop. > > > > Could you please email detailed vulnerabilities to the private > [email protected] list? Production security engineers will > evaluate the vulnerability within 3 workdays. > > > > gRPC CVE process can be found in > https://github.com/grpc/proposal/blob/master/P4-grpc-cve-process.md > > > > Thanks, > > Jiangtao > > > > > On Wednesday, August 21, 2019 at 3:18:58 AM UTC-7, [email protected] wrote: > > Hi, > > > > Our team has recently discovered a Null Pointer Dereference security > vulnerability in gRPC. > > > > How do we disclose it and open a CVE. > > > > Thanks! > > -- > You received this message because you are subscribed to a topic in the > Google Groups "grpc.io" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/grpc-io/xAzkJAWBkmc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/e43d36ab-5a99-46bc-b654-a24ea984a6a8%40googlegroups.com > <https://groups.google.com/d/msgid/grpc-io/e43d36ab-5a99-46bc-b654-a24ea984a6a8%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CACcm8_haOe5bL-Y%2B%2B_JTM-CTP5VQb%3D-9P6B--HTdVd%3DtoS5qOg%40mail.gmail.com.
