Dependencies: [Security] Bump rustix from 0.36.5 to 0.36.17
Bumps rustix from 0.36.5 to 0.36.17. This update includes a security fix.
Vulnerabilities fixed
rustix's
rustix::fs::Diriterator with thelinux_rawbackend can cause memory explosionSummary
When using
rustix::fs::Dirusing thelinux_rawbackend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue inrustix::fs::Dir::read_more, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application.Details
Discovery
The symptoms were initially discovered in imsnif/bandwhich#284. That post has lots of details of our investigation. See this post and the Discord thread for details.
Diagnosis
This issue is caused by the combination of two independent bugs:
- Stuck iterator
- The
rustix::fs::Diriterator can fail to halt after encountering an IO error, causing the caller to be stuck in an infinite loop.
- Memory over-allocation
Dir::read_moreincorrectly grows the read buffer unconditionally each time it is called, regardless of necessity.Since
<Dir as Iterator>::nextcallsDir::read, which in turn callsDir::read_more, this means an IO error encountered during reading a directory can lead to rapid and unbounded growth of memory use.
... (truncated)
Patched versions: 0.36.16 Affected versions: >= 0.36.0, < 0.36.16
Commits
-
76c998cchore: Release rustix version 0.36.17 -
1c6013aFix p{read,write}v{,v2}'s encoding of the offset argument on Linux. (#896) (#... -
6534992chore: Release rustix version 0.36.16 -
4928cf7Disable riscv64 testing. -
8cc159cFix thetest_ttyname_oktest when /dev/stdin is inaccessable. (#821) -
6dc7ba9Downgrade dependencies and disable tests to compile under Rust 1.48. -
ded8986Disable MIPS in CI. (#793) -
739f9c3Fixes forDiron macOS, FreeBSD, and WASI. -
87481a9Merge pull request from GHSA-c827-hfw6-qwvm -
5b764b5chore: Release rustix version 0.36.15 - Additional commits viewable in compare view