ac6d9b34cc
We read a JSON message from the buffer, after converting it from raw bytes to UTF-8, and returning the remainder of the byte array back to the caller. However the return value of `raw_decode` refers to symbols in the UTF-8 decoded string, not the raw bytes underlying byte-array, which means that if we have multi-byte encoded UTF-8 symbols in the byte-array we end up with a misaligned offset and will return part of the message as remainder. This would then end up being interpreted as the result of the next call. This could not be exploited currently since we use a socket only for a single JSON-RPC call and will close the connection afterwards, but since we want to eventually recycle connections for multiple calls, this could have been very dangerous. Signed-off-by: Christian Decker <decker.christian@gmail.com> Reported-by: Corné Plooy <@bitonic-cjp> |
||
|---|---|---|
| .. | ||
| init | ||
| plugins | ||
| pylightning | ||
| Dockerfile.builder | ||
| Dockerfile.builder.fedora | ||
| Dockerfile.builder.i386 | ||
| lightning-cli.bash-completion | ||
| linuxarm32v7.Dockerfile | ||
| short_channel_id-to-txid.sh | ||