Fix sync crypto error handling to protect against DoS #2485

Merged
merged 3 commits into from
Feb 26, 2024

Conversation

not-a-rootkit
Contributor

@not-a-rootkit not-a-rootkit commented Feb 19, 2024

Task/Issue URL: https://app.asana.com/0/0/1206634174761721/f
Tech Design URL:
CC:

Description:
During a security audit, it was discovered that a lack of error handling in the ddgSyncCrypto
library can cause unexpected crashes leading to remote DoS on iOS and macOS. This is a rare
occurrence and requires some work to test, but the crux is: an unexpected exception due to
invalid cipher text lengths returned by the Sync API.

Steps to test this PR:
1.
2.

Copy Testing:

  • Use of correct apostrophes in new copy, ie rather than '

Orientation Testing:

  • Portrait
  • Landscape

Device Testing:

  • iPhone SE (1st Gen)
  • iPhone 8
  • iPhone X
  • iPhone 14 Pro
  • iPad

OS Testing:

  • iOS 14
  • iOS 15
  • iOS 16

Theme Testing:

  • Light theme
  • Dark theme

Internal references:

Software Engineering Expectations
Technical Design Template
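
The failure class named in the description, sketched as an added example (not code from this PR or from ddgSyncCrypto): a ciphertext length taken from a server response is checked before it is used, and the failure is returned as an error code instead of being left to crash the process. The blob layout, the constants and the names `sealed_split` and `unchecked_plain_len` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for this example (an assumption, not the library's
 * documented format): [ciphertext || 16-byte tag][24-byte nonce]. */
#define TAG_LEN   16u
#define NONCE_LEN 24u
#define OVERHEAD  (TAG_LEN + NONCE_LEN)

enum sealed_status { SEALED_OK = 0, SEALED_ERR_NULL = -1, SEALED_ERR_TOO_SHORT = -2 };

struct sealed_view {
    const uint8_t *body;      /* ciphertext followed by tag */
    size_t         body_len;
    const uint8_t *nonce;
    size_t         plain_len; /* size the caller must allocate for plaintext */
};

/* Unchecked form: for len < OVERHEAD the unsigned subtraction wraps to a
 * huge value, which a caller would then use as an allocation or copy size. */
size_t unchecked_plain_len(size_t len)
{
    return len - OVERHEAD;
}

/* Checked form: reject short input with a status the caller has to handle,
 * before any pointer arithmetic or call into the decryption primitive. */
enum sealed_status sealed_split(const uint8_t *buf, size_t len, struct sealed_view *out)
{
    if (buf == NULL || out == NULL) return SEALED_ERR_NULL;
    if (len < OVERHEAD) return SEALED_ERR_TOO_SHORT;
    out->body      = buf;
    out->body_len  = len - NONCE_LEN;
    out->nonce     = buf + out->body_len;
    out->plain_len = len - OVERHEAD;
    return SEALED_OK;
}

int main(void)
{
    uint8_t short_blob[10] = {0};          /* constructed: truncated server value */
    uint8_t ok_blob[OVERHEAD + 5] = {0};   /* constructed: 5 bytes of ciphertext */
    struct sealed_view v;
    printf("unchecked plain_len for 10 bytes: %zu\n", unchecked_plain_len(sizeof short_blob));
    printf("checked, 10 bytes: %d\n", (int)sealed_split(short_blob, sizeof short_blob, &v));
    int rc = (int)sealed_split(ok_blob, sizeof ok_blob, &v);
    printf("checked, 45 bytes: %d plain_len=%zu\n", rc, v.plain_len);
    return 0;
}
```
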

@github-actions github-actions bot added the bot: not in app board Added by automation for pull requests with tasks not added to iOS App Board Asana project label Feb 26, 2024
@ayoy ayoy marked this pull request as ready for review February 26, 2024 12:15
@ayoy ayoy removed the bot: not in app board Added by automation for pull requests with tasks not added to iOS App Board Asana project label Feb 26, 2024
Contributor

@ayoy ayoy left a comment

LGTM

@ayoy ayoy merged commit d17c8fa into main Feb 26, 2024
22 of 23 checks passed
@ayoy ayoy deleted the tespach/sync/crypto-error-handling branch February 26, 2024 12:23
2 participants