Snider/Mining
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Mining/miner/core/src/App_unix.cpp
snider 1101248397 fix: Address 22 security findings from parallel code review (Pass 2) 
Security fixes implemented:
- CRIT-001: SSRF IPv6 bypass protection (localhost, link-local, ULA, mapped)
- CRIT-002: cn_heavyZen3Memory leak fix with cleanup function
- CRIT-003: HTTP header size DoS prevention (8KB/16KB limits)
- CRIT-004: patchAsmVariants null check after allocation
- CRIT-005: autoPause race condition fix with atomics
- HIGH-001: OpenSSL strchr null pointer check
- HIGH-002: uv_loop_close error handling
- HIGH-004/005/006: Miner.cpp race conditions (atomic reset, mutex protection)
- HIGH-007: m_workersMemory dangling pointer fix
- HIGH-008: JIT buffer overflow bounds checking
- HIGH-009: Bearer prefix timing attack mitigation
- HIGH-010: CORS origin restriction to localhost
- HIGH-011: Per-IP connection limits (10 per IP) for DoS protection
- HIGH-012: SSRF 172.x RFC1918 range validation
- MED-002: pthread_join return value check on macOS
- MED-004: OclKawPowRunner exception-safe initialization
- MED-005: Generic error messages to prevent info disclosure
- MED-006: CRLF header injection prevention

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 19:28:22 +00:00

63 lines
1.9 KiB
C++
Raw Blame History

/* XMRig
* Copyright 2010 Jeff Garzik <jgarzik@pobox.com>
* Copyright 2012-2014 pooler <pooler@litecoinpool.org>
* Copyright 2014 Lucas Jones <https://github.com/lucasjones>
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2018-2024 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2024 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <cstdlib>
#include <csignal>
#include <cerrno>
#include <cstring>
#include <unistd.h>
#include "App.h"
#include "base/io/log/Log.h"
#include "core/Controller.h"
bool xmrig::App::background(int &rc)
{
if (!m_controller->isBackground()) {
return false;
}
int i = fork();
if (i < 0) {
// SECURITY: Log fork failure for diagnostics
LOG_ERR("fork() failed: %s (errno = %d)", strerror(errno), errno);
rc = 1;
return true;
}
if (i > 0) {
rc = 0;
return true;
}
if (setsid() < 0) {
LOG_ERR("setsid() failed (errno = %d)", errno);
}
return false;
}
Reference in a new issue View git blame Copy permalink