[ENet-discuss] Enet Security leak ?

Lee Salzman lsalzman1 at cox.net
Thu Aug 10 10:31:04 PDT 2006


That was just some random script kiddie looking to make a name for 
himself by going around and finding buffer overflows in whatever 
irrelevant projects he can prey upon.

But, to answer your question: is ENet bullet-proof? No. Obvious exploits 
have been fixed, but I'm sure if you went over it in fine detail you 
could still find something to exploit. I don't think there's a 
networking library where that's not the case, just that they have 
obscurity working on their side. The only reason I guess it matters in 
ENet is because the source is available, so you lose the obscurity 
angle. But there are always simple ways to DoS something without having 
intricate knowledge of the code.

But if bugs happen, report them and they get fixed to the best of my 
ability. That's how this open source thing works. For extra credit, you 
can even submit a patch. ;)

I will repeat my usual disclaimer: ENet is a little library I wrote and 
pretty much maintain all by my lonesome self as a sub-project of a 
project I am working on as a hobby in my spare time. You can most likely 
find commercial libraries that provide more features, are more stable, 
etc. But if you want a simple, manageable, unrestricted codebase upon 
which you can base further work, that's what ENet is for.

Lee

Jmgr wrote:
> Hi,
> 
> I've read around the Internet that ENet has some security leaks.
> 
> Example: http://secunia.com/product/8679/#advisories
> 
> Could somebody tell me if these leaks are now corrected?
> 
> If not, do you know a library that does the same as ENet, but without leaks?
> I don't want some hacker to make my game server crash :s
> 
> Too bad because ENet is a wonderful networking library :(
> 
> Thanks,
> Jmgr
> 


