Skip to content

v2.3.4
Compare
Choose a tag to compare
@p12tic p12tic released this 01 Nov 20:52
· 357 commits to master since this release
v2.3.4
This tag was signed with the committer’s verified signature.
p12tic Povilas Kanapickas
GPG key ID: C6F7AE200374452D
Learn about vigilant mode.
c43597c

Security fixes

  • Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).

    Previously repeated failing connections would leak file descriptors leading to Barrier being unable to receive new connections from clients.

  • Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).

    Previously it was possible for a malicious client or server to send excessive length messages leading to denial of service by resource exhaustion.

  • Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message. (fixes CVE-2021-42074). This bug allowed an unauthenticated attacker to crash Barrier with only network access.

All of the above security issues have been reported by Matthias Gerstner who was really helpful for resolving them.

Bug fixes

  • Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients under heavy load.
Assets 4
Loading