aboutsummaryrefslogtreecommitdiff
path: root/Utility/SimpleProtocol.hs
Commit message (Collapse)AuthorAge
* git-annex-shell, remotedaemon, git remote: Fix some memory DOS attacks.Gravatar Joey Hess2016-12-09
| | | | | | | | | | | | | | | | | | | | | The attacker could just send a very lot of data, with no \n and it would all be buffered in memory until the kernel killed git-annex or perhaps OOM killed some other more valuable process. This is a low impact security hole, only affecting communication between local git-annex and git-annex-shell on the remote system. (With either able to be the attacker). Only those with the right ssh key can do it. And, there are probably lots of ways to construct git repositories that make git use a lot of memory in various ways, which would have similar impact as this attack. The fix in P2P/IO.hs would have been higher impact, if it had made it to a released version, since it would have allowed DOSing the tor hidden service without needing to authenticate. (The LockContent and NotifyChanges instances may not be really exploitable; since the line is read and ignored, it probably gets read lazily and does not end up staying buffered in memory.)
* extend p2p protocol to support gitremote-helpers connectGravatar Joey Hess2016-11-19
| | | | | | | | A bit tricky since Proto doesn't support threads. Rather than adding threading support to it, ended up using a callback that waits for both data on a Handle, and incoming messages at the same time. This commit was sponsored by Denis Dzyubenko on Patreon.
* implementation of peer-to-peer protocolGravatar Joey Hess2016-11-17
| | | | | | | | | | | | | | | | For use with tor hidden services, and perhaps other transports later. Based on Utility.SimpleProtocol, it's a line-based protocol, interspersed with transfers of bytestrings of a specified size. Implementation of the local and remote sides of the protocol is done using a free monad. This lets monadic code be included here, without tying it to any particular way to get bytes peer-to-peer. This adds a dependency on the haskell package "free", although that was probably pulled in transitively from other dependencies already. This commit was sponsored by Jeff Goeke-Smith on Patreon.
* comment typoGravatar Joey Hess2015-10-12
|
* WIP on making --quiet silence progress, and infra for concurrent progress barsGravatar Joey Hess2015-04-03
|
* rename bothHandles -> ioHandlesGravatar Joey Hess2015-04-03
|
* update my email address and homepage urlGravatar Joey Hess2015-01-21
|
* relicense general utility library code to BSDGravatar Joey Hess2014-05-10
| | | | | Omitted a couple of files what have had significant contributions from others.
* remotedaemon: avoid extraneous stdout outputGravatar Joey Hess2014-04-08
|
* factored out Utility.SimpleProtocol from the external special remote ↵Gravatar Joey Hess2014-04-05
implementation
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-11 14:48:35 +0000