Fixed #551 by validating the server side is configured to allow pickle and bumped version for major release to 6.
comrumino committed Feb 23, 2024
1 parent 19a9f03 commit 21eb99d
Showing 3 changed files with 13 additions and 2 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.rst
@@ -1,3 +1,11 @@
6.0.0
=====
Date: 2024-02-23

- `#551`_ Resolves security issue that results in RCE. The fix breaks backwards compatibility for those that rely on the `__array__` attribute used by `numpy`. This RCE is only exploitable when the server-side gets the attribute `__array__` and calls it (e.g., `np.array(x)`). This issues effects all versions since major release 4.

.. _#551: https://github.com/tomerfiliba-org/rpyc/issues/551

5.3.1
=====
Date: 2023-02-21
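Review bot: The 6.0.0 entry says the fix breaks backwards compatibility for code relying on `__array__`, but it does not tell those users what to change. The check added in rpyc/core/netref.py reads `_config["allow_pickle"]`, so the entry should name that setting as the way to restore the old behaviour, and say that enabling it means `pickle.loads` runs again on data received from the peer. In the same entry, "This issues effects all versions" should read "This issue affects all versions".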
3 changes: 3 additions & 0 deletions rpyc/core/netref.py
Expand Up @@ -251,6 +251,9 @@ def method(self, start, stop, *args):
def __array__(self):
# Note that protocol=-1 will only work between python
# interpreters of the same version.
if not object.__getattribute__(self,'____conn__')._config["allow_pickle"]:
# Security check that server side allows pickling per #551
raise ValueError("pickling is disabled")
return pickle.loads(syncreq(self, consts.HANDLE_PICKLE, -1))
__array__.__doc__ = doc
return __array__
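Review bot: The comment on the new check in `__array__` says "server side allows pickling", but the condition reads `_config["allow_pickle"]` from the connection held by this netref (`____conn__`), so it applies to whichever end calls `__array__`; rewording the comment to refer to the local connection's config would match the code. The `ValueError("pickling is disabled")` message could also name `allow_pickle` so that users hitting the breaking change know which option is involved, and the three files changed in this commit include no test asserting that `__array__` raises when the option is off.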
4 changes: 2 additions & 2 deletions rpyc/version.py
@@ -1,3 +1,3 @@
__version__ = '5.3.1'
__version__ = '6.0.0'
version = tuple(__version__.split('.'))
release_date = "2023-02-21"
release_date = "2024-02-23"
