[ENet-discuss] Enet Security leak ?
lsalzman1 at cox.net
Thu Aug 10 10:31:04 PDT 2006
That was just some random script kiddie looking to make a name for
himself by going around and finding buffer overflows in whatever
irrelevant projects he can prey upon.
But, to answer your question: is ENet bullet-proof? No. Obvious exploits
have been fixed, but I'm sure if you went over it in fine detail you
could still find something to exploit. I don't think there's a
networking library where that's not the case, just that they have
obscurity working on their side. The only reason I guess it matters in
ENet is because the source is available, so you lose the obscurity
angle. But there are always simple ways to DoS something without having
intricate knowledge of the code.
But if bugs happen, report them and they get fixed to the best of my
ability. That's how this open source thing works. For extra credit, you
can even submit a patch. ;)
I will repeat my usual disclaimer: ENet is a little library I wrote and
pretty much maintain all by my lonesome self as a sub-project of a
project I am working on as a hobby in my spare time. You can most likely
find commercial libraries that provide more features, are more stable,
etc. But if you want a simple, manageable, unrestricted codebase from
which you can base further work upon, that's what ENet is for.
> I've read around the Internet that Enet has some security leaks.
> Example : http://secunia.com/product/8679/#advisories
> Could somebody say me if these leaks are now corrected ?
> If not, do you know a library that do the same as Enet, but without leaks ?
> I don't want some hacker to make my game server crash :s
> Too bad because Enet is a wonderful networking library :(
More information about the ENet-discuss