Dragonfly Nil Dereference Vulnerability Leading to Panic

A nil pointer dereference vulnerability has been identified in Dragonfly, an open-source P2P-based file distribution and image acceleration system, in versions prior to 2.1.0. The vulnerability arises because the first return value of certain functions is dereferenced even when an error is returned, leading to a nil dereference that causes the code to panic. This issue was discovered during a security audit by Trail of Bits.

Impact

Exploitation of this vulnerability can cause a panic in the application, disrupting its normal operation. According to the security audit report by Trail of Bits, this vulnerability could potentially be exploited by a malicious actor on a peer machine, leading to a nil pointer dereference and causing the application to panic.

Reproduction

To reproduce this vulnerability, a peer machine (referred to as Eve) can send a 'dfdaemonv1.DownRequest' to another peer (Alice). When Alice's machine receives the request, it may encounter a nil variable in the 'server.Download' method, resulting in a panic due to the nil pointer dereference.

Remediation

Users are advised to upgrade to Dragonfly version 2.1.0 or above.