[ENet-discuss] Enet Security leak ?

Jmgr jmgr at jmgr.info
Thu Aug 10 14:58:18 PDT 2006 

Ok, I'm happy that it isn't a great problem, and I'm sure I make lots of 
leaks in my code, so it doesn't matter anyway.

The problem is that some Gentoo guy has listed Enet as "unsecure", that 
means that I can't download, compile and install Enet under Gentoo with 
"emerge enet" :( (handmade compiling & installing works, but emerge is 
simpler)

Anyway im using Enet under Windows XP and Gentoo 2006.0 and have never 
found bugs.

Enet should be more known, because its simply the best library for 
somebody like me who makes small open source games ^^

Well, thanks for answering and "keep up the good work", as some people 
says ;)

Jmgr

Lee Salzman wrote :
> That was just some random script kiddie looking to make a name for 
> himself by going around and finding buffer overflows in whatever 
> irrelevant projects he can prey upon.
>
> But, to answer your question: is ENet bullet-proof? No. Obvious exploits 
> have been fixed, but I'm sure if you went over it in fine detail you 
> could still find something to exploit. I don't think there's a 
> networking library where that's not the case, just that they have 
> obscurity working on their side. The only reason I guess it matters in 
> ENet is because the source is available, so you lose the obscurity 
> angle. But there are always simple ways to DoS something without having 
> intricate knowledge of the code.
>
> But if bugs happen, report them and they get fixed to the best of my 
> ability. That's how this open source thing works. For extra credit, you 
> can even submit a patch. ;)
>
> I will repeat my usual disclaimer: ENet is a little library I wrote and 
> pretty much maintain all by my lonesome self as a sub-project of a 
> project I am working on as a hobby in my spare time. You can most likely 
> find commercial libraries that provide more features, are more stable, 
> etc. But if you want a simple, manageable, unrestricted codebase from 
> which you can base further work upon, that's what ENet is for.
>
> Lee
>
> Jmgr wrote:
>   
>> Hi,
>>
>> I've read around the Internet that Enet has some security leaks.
>>
>> Example : http://secunia.com/product/8679/#advisories
>>
>> Could somebody say me if these leaks are now corrected ?
>>
>> If not, do you know a library that do the same as Enet, but without leaks ?
>> I don't want some hacker to make my game server crash :s
>>
>> Too bad because Enet is a wonderful networking library :(
>>
>> Thanks,
>> Jmgr
>>
>>     
>
> _______________________________________________
> ENet-discuss mailing list
> ENet-discuss at cubik.org
> http://lists.cubik.org/mailman/listinfo/enet-discuss
>
>
>

More information about the ENet-discuss mailing list