Listen to this Post
The vulnerability exists in the `processPieceFromSource` method. This method writes data pieces to storage and updates a Task structure. A critical error occurs due to an uninitialized variable `n` of type int64. This variable is used as a guard for a conditional statement that calls `AddTraffic` to update the task’s `usedTraffic` metadata field. However, the `n` variable is never assigned a value, defaulting to 0. The method correctly obtains the size of the written data in `result.Size` but fails to use it in the condition. Therefore, the `pt.AddTraffic(uint64(n))` call is never executed, leaving the `usedTraffic` field unupdated. This incorrect metadata causes the system’s rate limiting mechanism to malfunction, ultimately leading to a denial-of-service condition for the peer processing the task.
Platform: Dragonfly
Version: <2.1.0
Vulnerability: DoS
Severity: Critical
date: 2022
Prediction: 2022-07-15
What Undercode Say:
grep -r "processPieceFromSource" src/ grep -A 10 -B 2 "var n int64" src/
// Vulnerable Code Snippet
var n int64
result.Size, err = pt.GetStorage().WritePiece(ctx, req, offset, int64(len(data)))
result.FinishTime = time.Now().UnixNano()
if n > 0 { // n is always 0
pt.AddTraffic(uint64(n)) // Never executed
}
// Patched Code Snippet
writtenSize, err := pt.GetStorage().WritePiece(ctx, req, offset, int64(len(data)))
result.Size = writtenSize
result.FinishTime = time.Now().UnixNano()
if writtenSize > 0 {
pt.AddTraffic(uint64(writtenSize))
}
How Exploit:
Malicious peers trigger task processing, exploiting incorrect rate-limiting to cause denial-of-service.
Protection from this CVE
Upgrade to v2.1.0.
Impact:
Peer Denial-of-Service.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

