DragonFly BSD, Nil Pointer Dereference, CVE-2021-43816 (Critical)

Listen to this Post

The vulnerability exists in the DragonFly codebase where the first return value of a function is dereferenced without checking if the function returned an error first. In the provided code snippet, `source.NewRequestWithContext` returns a request pointer and an error. If an error occurs, the code logs the error but then incorrectly dereferences the `request` variable (request.URL) which is nil when an error is returned. This nil pointer dereference causes a panic, crashing the process. A malicious peer can exploit this by sending a crafted `dfdaemonv1.DownRequest` that triggers an error condition in the request generation process, leading to the nil dereference in the `server.Download` method and a subsequent service denial.
Platform: DragonFly BSD
Version: <2.1.0
Vulnerability: Nil Dereference
Severity: Critical

date: 2021-12-14

Prediction: 2021-12-21

What Undercode Say:

curl -X POST http://target-peer:port/api/v1/download -H "Content-Type: application/json" -d '{"url":"invalid-url-scheme://example.com/file"}'
req, err := someFunction()
if err != nil {
log.Error(err)
return err // Missing nil check for 'req' leads to panic if used later
}

How Exploit:

Malicious peer sends malformed `dfdaemonv1.DownRequest` to target peer, triggering error path during HTTP request generation, causing a nil pointer dereference and daemon panic.

Protection from this CVE

Upgrade to DragonFly v2.1.0+.

Impact:

Service Downtime (DoS) via process panic.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top