mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
40 lines
1.5 KiB
Markdown
40 lines
1.5 KiB
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2021-0124"
|
|
package = "tokio"
|
|
aliases = ["CVE-2021-45710", "GHSA-fg7r-2g4j-5cgr"]
|
|
date = "2021-11-16"
|
|
url = "https://github.com/tokio-rs/tokio/issues/4225"
|
|
categories = ["memory-corruption", "thread-safety"]
|
|
keywords = ["race condition"]
|
|
|
|
[versions]
|
|
patched = [">= 1.8.4, < 1.9.0", ">= 1.13.1"]
|
|
unaffected = ["< 0.1.14"]
|
|
|
|
[affected.functions]
|
|
"tokio::sync::oneshot::Receiver::close" = ["<= 1.13.0, >= 0.1.14"]
|
|
```
|
|
|
|
# Data race when sending and receiving after closing a `oneshot` channel
|
|
|
|
If a `tokio::sync::oneshot` channel is closed (via the
|
|
[`oneshot::Receiver::close`] method), a data race may occur if the
|
|
`oneshot::Sender::send` method is called while the corresponding
|
|
`oneshot::Receiver` is `await`ed or calling `try_recv`.
|
|
|
|
When these methods are called concurrently on a closed channel, the two halves
|
|
of the channel can concurrently access a shared memory location, resulting in a
|
|
data race. This has been observed to [cause memory corruption][corruption].
|
|
|
|
Note that the race only occurs when **both** halves of the channel are used
|
|
after the `Receiver` half has called `close`. Code where `close` is not used, or where the
|
|
`Receiver` is not `await`ed and `try_recv` is not called after calling `close`,
|
|
is not affected.
|
|
|
|
See [tokio#4225][issue] for more details.
|
|
|
|
[corruption]: https://github.com/tokio-rs/tokio/issues/4225#issuecomment-967434847
|
|
[issue]: https://github.com/tokio-rs/tokio/issues/4225
|
|
[`oneshot::Receiver::close`]: https://docs.rs/tokio/1.14.0/tokio/sync/oneshot/struct.Receiver.html#method.close
|