-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RUSTSEC-2021-0124: Data race when sending and receiving after closing a oneshot
channel
#3581
Comments
There's a whole bunch of deps using tokio v1.13.0 and it looks like tower v0.3.1 is using tokio v0.2.25 |
delta1
pushed a commit
to delta1/tari
that referenced
this issue
Nov 19, 2021
sdbondi
added a commit
to sdbondi/tari
that referenced
this issue
Nov 22, 2021
* development: feat: language detection for mnemonic seed words (tari-project#3590) chore: minor clippy fixes (tari-project#3576) fix: be more permissive of responses for the incorrect request_id (tari-project#3588) feat: track ping failures and disconnect (tari-project#3597) chore: upgrade tokio deps tari-project#3581 (tari-project#3595) feat: standardize output hash for unblinded output, transaction output and transaction input (tari-project#3592) fix: allow bullet proof value only rewinding off one-sided transaction (tari-project#3587) refactor: update miningcore repository links (tari-project#3593) refactor: clean up unwraps in wallet_ffi (tari-project#3585) fix: update daily test start times and seed phrase (tari-project#3584) fix: allow bullet proof value only rewinding in atomic swaps (tari-project#3586) v0.21.2 fix: remove delay from last request latency call
sdbondi
added a commit
to sdbondi/tari
that referenced
this issue
Nov 23, 2021
* development: (46 commits) refactor: remove tari_common dependency from tari_comms (tari-project#3580) feat: language detection for mnemonic seed words (tari-project#3590) chore: minor clippy fixes (tari-project#3576) fix: be more permissive of responses for the incorrect request_id (tari-project#3588) feat: track ping failures and disconnect (tari-project#3597) chore: upgrade tokio deps tari-project#3581 (tari-project#3595) feat: standardize output hash for unblinded output, transaction output and transaction input (tari-project#3592) fix: allow bullet proof value only rewinding off one-sided transaction (tari-project#3587) refactor: update miningcore repository links (tari-project#3593) refactor: clean up unwraps in wallet_ffi (tari-project#3585) fix: update daily test start times and seed phrase (tari-project#3584) fix: allow bullet proof value only rewinding in atomic swaps (tari-project#3586) v0.21.2 feat: add atomic swap refund transaction handling (tari-project#3573) feat: improve wallet connectivity status for console wallet (tari-project#3577) v0.21.1 feat: add error codes to LibWallet for CipherSeed errors (tari-project#3578) ci: split cucumber job into two (tari-project#3583) feat(wallet): import utxo’s as EncumberedToBeReceived rather than Unspent (tari-project#3575) docs: rfc 0250_Covenants (tari-project#3574) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
tokio
0.2.25
>=1.8.4, <1.9.0,>=1.13.1
<0.1.14
If a
tokio::sync::oneshot
channel is closed (via theoneshot::Receiver::close
method), a data race may occur if theoneshot::Sender::send
method is called while the correspondingoneshot::Receiver
isawait
ed or callingtry_recv
.When these methods are called concurrently on a closed channel, the two halves
of the channel can concurrently access a shared memory location, resulting in a
data race. This has been observed to cause memory corruption.
Note that the race only occurs when both halves of the channel are used
after the
Receiver
half has calledclose
. Code whereclose
is not used, or where theReceiver
is notawait
ed andtry_recv
is not called after callingclose
,is not affected.
See tokio#4225 for more details.
See advisory page for additional details.
The text was updated successfully, but these errors were encountered: