Comments (9)
I discovered that a while ago too and contacted the maintainer about it on 2023-02-16, but they haven't responded yet.
If anyone is interested in a fork of microbin by... well, me (which fixes that and adds some other features that were requested here), here is the link to the repo: https://gitlab.com/obsidianical/microbin
from microbin.
There are more severe things:
- The service is not handling invalid UTF-8 data well and panics. This keeps the lock on the "database" poisoned, rendering the service inaccessible.
- The service keeps a lock while operating on its database, making async kind of pointless.
- The service serializes and writes the entire database file to disk each time a pasta is fetched. This will not scale well in the long run.
Disclaimer: I write a similar service …
from microbin.
Microbin's JSON database is a joke. I'm aware of that. It's kinda a high priority TODO for my fork at the moment.
How do I reproduce the UTF-8 data thing? I'm gonna look into fixing that ASAP if I can diagnose it.
from microbin.
> How do I reproduce the UTF-8 data thing?
Paste invalid UTF-8 and you are good.
from microbin.
I've tried crashing a local dev instance, and I haven't been able to, even after pasting a raw binary program, random bytes, and a stress tester file for invalid UTF-8. I don't think that'll cause many problems, since triggering this issue at all was quite impossible for me so far. If you can provide a sample of a string that does crash it, please do.
from microbin.
It does not crash the entire server because actix installs a panic handler, but it renders the upload and a few other endpoints useless. Try:
wget https://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
curl -F "expiration=10min" -F [email protected] -X POST http://0.0.0.0:8080/upload
From now on, every time you try to paste something either via the REST endpoint or the UI, it will fail with
thread 'actix-rt|system:0|arbiter:0' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }', src/endpoints/create.rs:40:41
Edit: also the List and Info endpoints do not work anymore.
from microbin.
While there seems to be an error, pasting still seems to work on my fork. It seems that I fixed the problem preventing pasting (by accident).
The fix seems to have been that I switched to an async-aware mutex for another unrelated reason, which seems to unlock after a thread crashes.
from microbin.
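The `PoisonError` reported above and the different behaviour seen after the mutex swap both come down to lock poisoning. The following std-only model is an added example, not microbin's code: `Db`, `store_fragile`, `store_hardened` and `fragile_request_panics` are hypothetical names, and the assumption is that the panic happens while the shared lock is held.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

// Stand-in for the shared in-memory paste list (assumption, not microbin's type).
type Db = Arc<Mutex<Vec<String>>>;

// Fragile: decodes while holding the lock, so a decode panic poisons the mutex
// and every later `lock().unwrap()` panics as well.
fn store_fragile(db: &Db, body: Vec<u8>) {
    let mut pastas = db.lock().unwrap();
    pastas.push(String::from_utf8(body).unwrap()); // panics on invalid UTF-8
}

// Hardened: validate before locking and return an error instead of panicking;
// hold the lock only for the push, and recover the guard if it is already poisoned.
fn store_hardened(db: &Db, body: Vec<u8>) -> Result<usize, String> {
    let text = String::from_utf8(body).map_err(|e| format!("invalid UTF-8: {}", e))?;
    let mut pastas = db.lock().unwrap_or_else(|poisoned| poisoned.into_inner());
    pastas.push(text);
    Ok(pastas.len())
}

// Runs one fragile request on its own thread, the way a server worker would.
// Returns true if that request panicked.
fn fragile_request_panics(db: &Db, body: Vec<u8>) -> bool {
    let db = Arc::clone(db);
    thread::spawn(move || store_fragile(&db, body)).join().is_err()
}

fn main() {
    let db: Db = Arc::new(Mutex::new(Vec::new()));
    let bad = vec![b'h', b'i', 0xff, 0xfe]; // constructed invalid UTF-8 sample

    println!("bad upload panicked: {}", fragile_request_panics(&db, bad.clone()));
    println!("mutex poisoned: {}", db.is_poisoned());
    // A perfectly valid upload now fails too, because the lock stays poisoned.
    println!("valid upload panicked: {}", fragile_request_panics(&db, b"ok".to_vec()));

    println!("hardened, bad input: {:?}", store_hardened(&db, bad));
    println!("hardened, good input: {:?}", store_hardened(&db, b"ok".to_vec()));
}
```

For detection, a `PoisonError` panic recurring in the service log on every request is the signature of this state; it persists until the process restarts unless the code recovers the guard.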
@szabodanika, apologies for tagging you. With this CVE in the wild for a month, should we consider this project unmaintained? Apologies for being blunt, I love the tool and just wanted to know the status :)
from microbin.
Thanks a lot @7a6163 for #143! I apologise, I had to put aside personal projects as I was very busy with work and studies. I am back to working on the v1.3.0 release now, cleaning up the backlog in priority order. I am an active user of this software, therefore it will never be abandoned.
from microbin.