fix: audit protocol handling #3441
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
I know this might be undesirable because it costs performance, but the pattern that I usually follow for these kinds of casts is |
Collaborator
Author
|
For the most part, I'm trying to avoid panics because they've caused issues before. Trying to encode too large of a value is generally a recoverable error. |
5aa9d50 to
dd92def
Compare
36b57e5 to
ac0448c
Compare
ac0448c to
2cb6217
Compare
ef70eae to
e9ffde4
Compare
d93a20e to
8db2055
Compare
1efef02 to
37f53cc
Compare
0bb3fe0 to
59f5cd0
Compare
349c684 to
65feda5
Compare
2d39649 to
612a767
Compare
612a767 to
ab4ff34
Compare
f020d88 to
13594ad
Compare
13594ad to
7e48dbe
Compare
stxkxs
added a commit
to stxkxs/crustacean
that referenced
this pull request
Jan 14, 2026
upgrades sqlx from 0.7.4 to 0.8.6 to fix a critical security vulnerability where encoding values larger than 4GiB could cause integer overflow in the protocol length prefix, potentially allowing SQL injection at the protocol level. vulnerability details: - CVE: RUSTSEC-2024-0363 - affected versions: sqlx <= 0.8.0 - issue: binary protocol misinterpretation caused by truncating casts - impact: possible SQL injection via protocol-level smuggling - presentation: DEF CON 32 - "SQL Injection Isn't Dead" fix included in sqlx 0.8.1+: - added deny directives for clippy::cast_possible_truncation - added deny directives for clippy::cast_possible_wrap - added deny directives for clippy::cast_possible_loss - manual audit and fixes for all flagged code changes: - update sqlx from 0.7 to 0.8 in Cargo.toml - remove Cargo.lock from .gitignore (binary project needs reproducible builds) - commit Cargo.lock to ensure exact secure versions are used verification: - all 110 tests passing - release build successful - no breaking API changes references: - https://rustsec.org/advisories/RUSTSEC-2024-0363 - launchbadge/sqlx#3441
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #3440
Resolves https://rustsec.org/advisories/RUSTSEC-2024-0363.html
The last three commits may be cherry-picked against 6f29056 to see the exploit in action.
As of writing, only the Postgres driver actually appears to be exploitable before this patch, and appears to no longer be exploitable afterwards.