[3.x] [Net/ENet] Better handle truncated socket messages #79704
Conversation
Faless
added
bug
topic:network
cherrypick:3.5
|
Thanks! |
|
Cherry-picked for 3.5.3. |
akien-mga
removed
the
cherrypick:3.5
|
I review the changelog before we merge upstream into our products. I request that a description is always written for a pull request like this. |
|
You are free to ask that, but this is not a polite, or constructive, way of providing feedback or criticism, please read the code of conduct. The PR title and the commit titles are very descriptive of what is going on. Exactly two files were changed, doing exactly what the PR title says, handling truncated messages. |
|
Serious question, how would you write it to be more polite? |
|
First of all I first saw your very first message, before you edited it, which I think we can all agree was neither productive nor polite, I am sorry if my initial reaction was harsh, but your first response set me off But as I said, and though I understand your position, the way the message reads do me is demanding, so I'd suggest to approach it with a tone like "I'd like it if" or "I'd appreciate it if", as opposed to putting demands on the work of others, but language is complicated and perhaps the original intent does not always carry through in text, which I understand. Though I'd say that the more constructive way to communicate this is in other channels, rather than on a PR Have a nice day If we agree that this has been resolved we can mark these messages as off-topic |
|
@jasonwinterpixel the two PRs were originally under embargo, waiting to be applied in an official release, I have correctly updated the description now. |
|
Thank you for updating the description. I will commence investigating to see if we are affected by any relevant security issues. |
Update ENet to latest upstream master branch (
ea4607a90dbfbcf4da2669ea998585253d8e70b1at the time of the PR), plus lsalzman/enet@2a85cd6 , which fixes a DoS vulnerability in ENet library code originally discovered by @Facundo15 and reported to the Godot Security Team.The fix is included in 4.0.4, 3.5.3, and 4.1.2, and all 4.2 beta releases.
See #79699 for the 4.x version.