add changelog and missing file
parent
eae839e484
commit
a9c13d45fd
@ -1,3 +1,11 @@
|
|||||||
|
**Changes in Veilid 0.1.9**
|
||||||
|
- SECURITY FIX
|
||||||
|
* DESCRIPTION: Decompression was occurring in an unbounded way upon envelope receipt.
|
||||||
|
* IMPACT: Node crashes resulting in downtime. There was no risk of RCE or compromise due to Rust's memory protections and no use of unsafe code near the site of the error.
|
||||||
|
* INDICATIONS: This resulted in an out-of-memory abort on nodes. Issue first identified on the bootstrap servers.
|
||||||
|
* REMEDIATION: Length check added to decompression on envelopes.
|
||||||
|
- Earthfile support for generating a debug executable
|
||||||
|
|
||||||
**Changes in Veilid 0.1.8**
|
**Changes in Veilid 0.1.8**
|
||||||
- Fix Python Install Instructions
|
- Fix Python Install Instructions
|
||||||
- Fix to get server version from crate
|
- Fix to get server version from crate
|
||||||
|
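--- /dev/null
+++ b/veilid-core/src/veilid_api/serialize_helpers/compression.rs
@@ -0,0 +1,25 @@
+use super::*;
+use lz4_flex::block;
+
+use crate::apibail_generic;
+
+pub fn compress_prepend_size(input: &[u8]) -> Vec<u8> {
+block::compress_prepend_size(input)
+}
+
+pub fn decompress_size_prepended(
+input: &[u8],
+max_size: Option<usize>,
+) -> VeilidAPIResult<Vec<u8>> {
+let (uncompressed_size, input) =
+block::uncompressed_size(input).map_err(VeilidAPIError::generic)?;
+if let Some(max_size) = max_size {
+if uncompressed_size > max_size {
+apibail_generic!(format!(
+"decompression exceeded maximum size: {} > {}",
+uncompressed_size, max_size
+));
+}
+}
+Ok(block::decompress(input, uncompressed_size).map_err(VeilidAPIError::generic)?)
+}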
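Review bot: When `max_size` is `None`, `decompress_size_prepended` skips the length check and `block::decompress(input, uncompressed_size)` is still driven by the size prefix read from the input itself, which lz4_flex appears to use to size the output buffer. The unbounded path described in the changelog therefore stays reachable for any caller that passes `None`. The callers are not part of this section, so it cannot be confirmed here that the envelope receive path always passes `Some(..)`. Consider making the limit mandatory with `max_size: usize,`, or at least documenting the contract with `/// max_size: upper bound on the declared uncompressed size; pass None only for locally produced, trusted data`. As a style point, the final `Ok(...?)` wrapper is redundant and can be returned directly as `block::decompress(input, uncompressed_size).map_err(VeilidAPIError::generic)`.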