Editor: Zhang Handong

The official | to promote GAT stability

The GAT RFC, launched in 2016 and now five years old, is finally nearing a steady state. GAT is one of the most anticipated issues in the Rust Github repository.

Now, after a lot of compiler modification, GAT has finally reached a “complete” state, and while there are some diagnostic issues, you will now not see the “generic_associated_types is incomplete” error when using GAT at nightly. But for now, to stabilize GAT, you’ll need your help testing the feature and asking questions for any bugs you find or potential diagnostic improvements. There are also some interesting modes that officials hope to implement on GAT.

Barring accidents, stability should be smooth over the next few months.

See the original article for details, which also explains what GAT is.

Blog.rust-lang.org/2021/08/03/…

New wASM-Bindgen release

Although the official Rust WebAssembly working group has been blogging for two years now, the actual work continues.

Recent Updates:

  • Upgrade a dependent version of the NPM package in the WebPack example
  • addno_derefProperties are generated for types that are selected not to be importedderefimplementation
  • Improved by non-zero initializing buffersTypedArray::to_vecperformance
  • Upgrade the latest WebGPU WebIDL

Github.com/rustwasm/wa…

Jump to definition is supported on the source page in Rustdoc

For example, on the source code (SRC) page in the library documentation, you might see something like the following:

mod other_module;
struct Foo;
fn bar() {}

fn x<T: other_module::Trait>(f: Foo, g: other_module::Whatever, t: &T) {
    let f: Foo = Foo;
    bar();
    f.some_method();
}
Copy the code

Among them, other_module::Trait, Foo, other_module::Whatever, bar and some_method all appear links. Click the links to jump to their definition page.

If there is a type from another Crate, it will be linked to its documentation page instead of its definition (but you can click [SRC]).

Github.com/rust-lang/r…

[CVE-2021-29922] Rust Net Module Vulnerability: Leading zero change IP address

This week, at DEF CON, Security researchers Cheng Xu, Victor Viale, Sick Codes, Nick Sahler, Kelly Kaoudis, Opennota and John Jackson have revealed a flaw in the NET module of the Go and Rust languages. Cve-2021-29922 (for Rust) and CVE-2021-29923 (for Golang).

IP addresses can be represented in a variety of formats, including hexadecimal and integer, although the most common IPv4 address is represented in decimal format.

For example, BleepingComputer’s IPv4 address is expressed as 104.20.59.209 in decimal format, but the same address can also be expressed as 0150.0024.0073.0321 in octal format.

Suppose you get an IP address in decimal format, 127.0.0.1, which is widely understood as a local loopback address or localhost.

If you prefix it with a 0, should the application still parse 0127.0.0.1 to 127.0.0.1 or something else? Type 0127.0.0.1 into Chrome’s address bar and the browser will treat it as an octal IP. When the Enter or return key is pressed, the IP actually becomes 87.0.0.1 in decimal, which is how most applications should handle such obscure IP addresses.

According to the original IETF specification, parts of an IPv4 address prefixed with “0” can be interpreted as octal.

But the NET modules in Go and Rust both ignore this and treat partial addresses as decimal.

Uncertain SSRF and RFI vulnerabilities caused by IP address input not being processed as octal in Rust 1.52.1 STD :: NET and below.

For example, an attacker submitting an IP address to a network program that relies on STD :: NET ::IpAddr can cause an SSRF by input data from a bit group;

If the ocTET is three bits, an attacker can submit an available IP address. The minimum available bit group is 08 (denial of service) and the maximum available bit group is 099 (denial of service).

For example, an attacker could submit 010.8.8.8, which is 8.8.8.8 (RFI), whereas STD :: NET ::IpAddr would be calculated as 10.8.8.8. Similarly, an attacker could enter 127.0.026.1, which is actually 127.0.22.1, but Rust calculates it as 127.0.26.1.

  • SSRF is Server-side Request Forge.
  • RFI stands for Remote File Inclusion. Clients can control web pages to include Remote files.

Affected Rust version: 1.52.1 and later.

The bug was fixed in March: github.com/rust-lang/r…

PoC code:

/ / # #! /usr/bin/env rustc
// # Authors: https://twitter.com/sickcodes, https://twitter.com/kaoudis
// # License: GPLv3+

use std::net::IpAddr;

fn main() {
  let addr = "127.026.0.1".parse::<IpAddr>().unwrap();
  println!("{}", addr.to_string());
  let addr1 = "127.0.026.1".parse::<IpAddr>().unwrap();
  println!("{}", addr1.to_string());
  let addr2 = "127.0.0.093".parse::<IpAddr>().unwrap();
  println!("{}", addr2.to_string());
  let addr3 = "099.0.0.01".parse::<IpAddr>().unwrap();
  println!("{}", addr3.to_string());
}

// $ rustc -o main main.rs
// $ ./main
/ / 127.26.0.1
/ / 127.0.26.1
/ / 127.0.0.93
/ / 99.0.0.1
Copy the code
  • Github.com/sickcodes/s…
  • www.bleepingcomputer.com/news/securi…

Related:

Broken code, aging standards and IPv4 resolution

A presentation on Rust/Go leading zero change IP address-related vulnerabilities

www.youtube.com/watch?v=_o1…

Deprecate llvm_asm! Pr has been merged

Overdue llvm_asm! And use the new ASM! Instead.

Github.com/rust-lang/r…

Rust IO Safety RFC has been implemented

This is the first step in adding ownership semantics to operating system resources!

Github.com/rust-lang/r…

Gcc Rust monthly report

GCC Rust (GCCRS) adds a GCC back end to GCC, and rustc_codegen_gcc is added to GCC.

They have different goals.

  • Github.com/Rust-GCC/gc…
  • Thephilbert. IO / 2021/08/02 /…

An enhanced error message format to be released in Rust 1.56

Cargo builds with diff – like output suggestions to help developers make changes if errors occur.

Github.com/rust-lang/r…