From 6a31581e98f9f5e2efb58307dc532097bc948432 Mon Sep 17 00:00:00 2001 From: BlackHoleFox Date: Fri, 30 Oct 2020 19:19:34 -0500 Subject: [PATCH] Add advisory for use-after-free in futures-util task::waker --- crates/futures-task/RUSTSEC-0000-0000.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 crates/futures-task/RUSTSEC-0000-0000.md diff --git a/crates/futures-task/RUSTSEC-0000-0000.md b/crates/futures-task/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..83434fd --- /dev/null +++ b/crates/futures-task/RUSTSEC-0000-0000.md @@ -0,0 +1,23 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "futures-task" +date = "2020-09-04" +url = "https://github.com/rust-lang/futures-rs/pull/2206" +categories = ["code-execution", "memory-corruption"] +keywords = ["use-after-free", "arbitrary code execution", "memory-corruption", "memory-management"] + +[versions] +patched = [">= 0.3.6"] +unaffected = ["<= 0.2.1"] + +[affected] +functions = { "futures_task::waker" = [">= 0.3.0"] } +``` + +# futures_task::waker may cause a use-after-free if used on a type that isn't 'static + +Affected versions of the crate did not properly implement a `'static` lifetime bound on the `waker` function. +This resulted in a use-after-free if `Waker::wake()` is called after original data had been dropped. + +The flaw was corrected by adding `'static` lifetime bound to the data `waker` takes.