diff --git a/SECURITY.md b/SECURITY.md
index 3bb207a0..561a3956 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,6 +6,7 @@
 | Version | Supported |
 | ------- | ------------------ |
+| 4.3.x | :white_check_mark: |
 | 4.2.x | :white_check_mark: |
 | 4.1.x | :white_check_mark: |
 | 4.0.x | :white_check_mark: |
@@ -21,6 +22,29 @@ please send a GPG encrypted email with the details to the maintainers:
 | Doron Somech | somdoron@gmail.com | E0B0 E3D1 55DD 6ED6 71FB 2B79 D0B9 CC44 867D 8F3D |
 | Luca Boccassi | luca.boccassi@gmail.com | A9EA 9081 724F FAE0 484C 35A1 A81C EA22 BC8C 7E2E |
+## Internal severity classification
+
+We will attempt to follow this general policy when assigning a severity to
+security issues. These are guidelines more than rules, and as such end
+results might vary.
+
+
+| Severity | Definition |
+| -------- | ---------- |
+| CRITICAL | endpoints using STRONG authentication are SILENTLY affected |
+| HIGH | endpoints using STRONG authentication are VISIBLY affected |
+| MODERATE | endpoints NOT using STRONG authentication are SILENTLY affected |
+| LOW | endpoints NOT using STRONG authentication are VISIBLY affected |
+
+STRONG authentication means transports that use cryptography, for example CURVE
+and TLS.
+
+VISIBLY affected means that platform owners are likely to immediately notice
+misbehaviours, like crashes or loss of connectivity for legitimate peers.
+
+SILENTLY affected means that without close inspection, platform owners are
+unlikely to notice misbehaviours, like remote code executions or data exfiltration.
+
 ### Public keys
 Doron Somech
diff --git a/tests/test_bind_curve_fuzzer.cpp b/tests/test_bind_curve_fuzzer.cpp
index 1993dd26..5b4d5c9c 100644
--- a/tests/test_bind_curve_fuzzer.cpp
+++ b/tests/test_bind_curve_fuzzer.cpp
@@ -71,14 +71,14 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 send (client, (void *) data, 202, MSG_NOSIGNAL);
 data += 202;
 size -= 202;
- recv (client, buf, 170, 0);
+ recv (client, buf, 170, MSG_DONTWAIT);
 }
 // Then send READY and expect INITIATE if there's enough data
 if (size >= 301) {
 send (client, (void *) data, 301, MSG_NOSIGNAL);
 data += 301;
 size -= 301;
- recv (client, buf, 512, 0);
+ recv (client, buf, 512, MSG_DONTWAIT);
 }
 msleep (250);
 for (ssize_t sent = 0; size > 0 && (sent != -1 || errno == EINTR);
diff --git a/tests/test_connect_curve_fuzzer.cpp b/tests/test_connect_curve_fuzzer.cpp
index cc3f77fa..e0dbb386 100644
--- a/tests/test_connect_curve_fuzzer.cpp
+++ b/tests/test_connect_curve_fuzzer.cpp
@@ -91,8 +91,10 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 zmq_msg_t msg;
 zmq_msg_init (&msg);
- while (-1 != zmq_msg_recv (&msg, client, ZMQ_DONTWAIT))
+ while (-1 != zmq_msg_recv (&msg, client, ZMQ_DONTWAIT)) {
 zmq_msg_close (&msg);
+ zmq_msg_init (&msg);
+ }
 close (server_accept);
 close (server);
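Review bot: In tests/test_bind_curve_fuzzer.cpp both `recv` calls now return immediately with `MSG_DONTWAIT`, and their results are still discarded, so whether the server's handshake reply is drained before the next `send` depends on timing; nothing visible in the hunk waits for it. That keeps the fuzzer from hanging when the input is rejected, but it can make runs less reproducible and may leave unread bytes queued on `client`. If draining the reply matters, a bounded wait (a short `SO_RCVTIMEO` on `client`, or `poll` with a timeout before `recv`) would be steadier; otherwise a comment such as `// Best effort: a rejected greeting gets no reply, so do not block waiting for one` would record the intent. `buf` is declared outside the hunk, so the 512-byte read should be checked against its size.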
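Review bot: In tests/test_connect_curve_fuzzer.cpp the message re-initialised on the final pass through the loop is not closed in the visible lines once `zmq_msg_recv` returns -1; the next statements are the `close` calls on the sockets. Re-initialising after each `zmq_msg_close` is the right pairing, and adding `zmq_msg_close (&msg);` directly after the loop's closing brace would complete it, so leak checkers running alongside the fuzzer stay quiet. The rest of the function lies outside the hunk, so this may already be handled further down.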