Listen to this Post
The vulnerability exists in the DragonFly codebase where the first return value of a function is dereferenced without checking if the function returned an error first. In the provided code snippet, `source.NewRequestWithContext` returns a request pointer and an error. If an error occurs, the code logs the error but then incorrectly dereferences the `request` variable (request.URL) which is nil when an error is returned. This nil pointer dereference causes a panic, crashing the process. A malicious peer can exploit this by sending a crafted `dfdaemonv1.DownRequest` that triggers an error condition in the request generation process, leading to the nil dereference in the `server.Download` method and a subsequent service denial.
Platform: DragonFly BSD
Version: <2.1.0
Vulnerability: Nil Dereference
Severity: Critical
date: 2021-12-14
Prediction: 2021-12-21
What Undercode Say:
curl -X POST http://target-peer:port/api/v1/download -H "Content-Type: application/json" -d '{"url":"invalid-url-scheme://example.com/file"}'
req, err := someFunction()
if err != nil {
log.Error(err)
return err // Missing nil check for 'req' leads to panic if used later
}
How Exploit:
Malicious peer sends malformed `dfdaemonv1.DownRequest` to target peer, triggering error path during HTTP request generation, causing a nil pointer dereference and daemon panic.
Protection from this CVE
Upgrade to DragonFly v2.1.0+.
Impact:
Service Downtime (DoS) via process panic.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

