opensourcerouting / c-capnproto

C library/compiler for the Cap'n Proto serialization/RPC protocol
MIT License

Documentation / Security Warning #30

Open szanni opened 5 years ago

szanni commented 5 years ago

I strongly believe that there should be a security warning in the README regarding malicious input. There is currently no code to verify buffers/structures, unless I missed something completely? I think a small notice like #29 should suffice.

Any program will crash horrendously should it encounter malicious/corrupted input. If anyone is interested, I adjusted the included tests/examples to be used with american fuzzy lop here. You can test with make fuzz-mem and make fuzz-fp.

fluffysquirrels commented 5 years ago

I added a warning as you describe in #29. Thank you for the suggestion.

Thank you for testing the library! Do you have any proposed fixes for the problems you found?

szanni commented 4 years ago

Late reply but here it goes: as already noted in the security warning: bounds checks. Then there are other things to consider like DoS attacks, how big of a list do you really want to decode? This is not a problem that is easily solvable. There used to be a document with recommendations on the official website but I can't seem to find it right now!!?

As for at least implementing said fixes: I sadly don't have the time to come up with something truly robust and secure.
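The two defences the thread keeps coming back to, bounds checks on every pointer and a size budget against DoS, can be shown on the wire format itself. The following is an added illustration written for this page; it is not c-capnproto's code and the names (`segment_t`, `decode_struct_ptr`, `decode_list_ptr`, `DEC_*`) are hypothetical. It follows the published Cap'n Proto pointer encoding (tag in bits 0-1, signed 30-bit word offset in bits 2-31, struct data/pointer section sizes in bits 32-47 and 48-63, list element size code in bits 32-34 and element count in bits 35-63) and runs against four constructed 3-word segments: a valid struct, a struct claiming 65535 data words, a struct whose offset points before the buffer, and a void list declaring 2^29-1 elements that occupies no storage at all, which is exactly the case a bounds check alone does not catch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not c-capnproto's API: a bounds-checked reader for the two
 * pointer kinds a Cap'n Proto decoder meets first. A segment is a run of
 * little-endian 64-bit words. */
typedef struct { const uint8_t *bytes; size_t words; } segment_t;
typedef struct { size_t start; uint16_t data_words; uint16_t ptr_words; } struct_ref_t;
typedef struct { size_t start; unsigned size_code; uint64_t count; uint64_t words; } list_ref_t;

enum { DEC_OK = 0, DEC_ERR_BOUNDS = 1, DEC_ERR_TAG = 2, DEC_ERR_LIMIT = 3 };

static uint64_t word_at(const segment_t *s, size_t idx) {
    const uint8_t *p = s->bytes + idx * 8;
    uint64_t w = 0;
    for (int i = 7; i >= 0; i--) w = (w << 8) | p[i];
    return w;
}

/* Bits 2-31 hold a signed 30-bit word offset measured from the word after the
 * pointer. Sign-extend it explicitly instead of relying on signed shifts. */
static int64_t ptr_offset(uint64_t w) {
    uint32_t lo = (uint32_t)w;
    int64_t off = (int64_t)(lo >> 2);
    if (lo & 0x80000000u) off -= (int64_t)1 << 30;
    return off;
}

/* Resolve the target and verify [start, start+len) lies inside the segment. */
static int checked_target(const segment_t *s, size_t ptr_idx, int64_t off,
                          uint64_t len, size_t *start) {
    int64_t st = (int64_t)ptr_idx + 1 + off;
    if (st < 0 || (uint64_t)st > s->words) return DEC_ERR_BOUNDS;
    if (len > s->words - (uint64_t)st) return DEC_ERR_BOUNDS; /* subtraction cannot underflow here */
    *start = (size_t)st;
    return DEC_OK;
}

int decode_struct_ptr(const segment_t *s, size_t ptr_idx, uint64_t max_words, struct_ref_t *out) {
    if (ptr_idx >= s->words) return DEC_ERR_BOUNDS;
    uint64_t w = word_at(s, ptr_idx);
    if ((w & 3) != 0) return DEC_ERR_TAG;                  /* tag 0 = struct pointer */
    out->data_words = (uint16_t)(w >> 32);
    out->ptr_words  = (uint16_t)(w >> 48);
    uint64_t len = (uint64_t)out->data_words + out->ptr_words;
    int rc = checked_target(s, ptr_idx, ptr_offset(w), len, &out->start);
    if (rc != DEC_OK) return rc;
    return len > max_words ? DEC_ERR_LIMIT : DEC_OK;       /* per-object size budget */
}

/* List pointer: tag 1; size code 7 means "count" is content words plus a tag word. */
int decode_list_ptr(const segment_t *s, size_t ptr_idx, uint64_t max_elems, list_ref_t *out) {
    static const uint64_t bits_per_elem[8] = { 0, 1, 8, 16, 32, 64, 64, 0 };
    if (ptr_idx >= s->words) return DEC_ERR_BOUNDS;
    uint64_t w = word_at(s, ptr_idx);
    if ((w & 3) != 1) return DEC_ERR_TAG;
    out->size_code = (unsigned)((w >> 32) & 7);
    out->count = w >> 35;                                   /* at most 2^29 - 1 */
    if (out->size_code == 7) out->words = out->count + 1;
    else out->words = (out->count * bits_per_elem[out->size_code] + 63) / 64; /* < 2^35, no overflow */
    int rc = checked_target(s, ptr_idx, ptr_offset(w), out->words, &out->start);
    if (rc != DEC_OK) return rc;
    /* A void list (size code 0) uses no storage, so the bounds check above would
     * happily accept 2^29 elements: the element count needs its own budget. */
    return out->count > max_elems ? DEC_ERR_LIMIT : DEC_OK;
}

/* Constructed 3-word segments (little-endian bytes); word 0 is the root pointer. */
static const uint8_t SEG_OK[24]        = { 0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,   /* struct, 1 data word */
    0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11, 0,0,0,0,0,0,0,0 };
static const uint8_t SEG_OVERSIZE[24]  = { 0x00,0x00,0x00,0x00, 0xff,0xff,0x00,0x00,   /* claims 65535 data words */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0 };
static const uint8_t SEG_NEG_OFF[24]   = { 0xec,0xff,0xff,0xff, 0x01,0x00,0x00,0x00,   /* offset -5: before buffer */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0 };
static const uint8_t SEG_HUGE_VOID[24] = { 0x01,0x00,0x00,0x00, 0xf8,0xff,0xff,0xff,   /* void list, 2^29-1 elems */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0 };

/* Wrappers with fixed budgets (1024 words, 2^20 elements); out may be NULL. */
int decode_root_struct(const uint8_t *bytes, struct_ref_t *out) {
    struct_ref_t tmp; segment_t s = { bytes, 3 };
    return decode_struct_ptr(&s, 0, 1024, out ? out : &tmp);
}
int decode_root_list(const uint8_t *bytes, list_ref_t *out) {
    list_ref_t tmp; segment_t s = { bytes, 3 };
    return decode_list_ptr(&s, 0, (uint64_t)1 << 20, out ? out : &tmp);
}

int main(void) {
    struct_ref_t sr = {0};
    printf("valid struct:     rc=%d start=%zu\n", decode_root_struct(SEG_OK, &sr), sr.start);
    printf("oversized struct: rc=%d\n", decode_root_struct(SEG_OVERSIZE, NULL));
    printf("negative offset:  rc=%d\n", decode_root_struct(SEG_NEG_OFF, NULL));
    printf("huge void list:   rc=%d\n", decode_root_list(SEG_HUGE_VOID, NULL));
    return 0;
}
```

The first three inputs are rejected or accepted purely by the bounds arithmetic; the fourth passes every bounds check because a void list has zero width, and only the element budget stops a consumer from spinning over half a billion elements. That is the "how big of a list do you really want to decode?" question from the thread turned into a concrete limit.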