Re: LSD0001 review

gnunet-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LSD0001 review

From:	Schanzenbach, Martin
Subject:	Re: LSD0001 review
Date:	Thu, 10 Feb 2022 22:34:33 +0000


> On 10. Feb 2022, at 23:26, Maxime Devos <maximedevos@telenet.be> wrote:
> 
> Schanzenbach, Martin schreef op ma 07-02-2022 om 19:02 [+0000]:
>>>> LEGACY HOSTNAME
>>>>     A UTF-8 string (which is not 0-terminated) representing the
>>>> legacy hostname.
>>> 
>>> What happens if it contaings \0, or ends with two dots, does that
>> mean
>>> the LEHO record is invalid and must be rejected?  If it is in
>> punycode,
>>> why say ‘A UTF-8 string’ instead of ’an ASCII string’?
>> 
>> It is not in punycode. It is just a UTF-8 string.
>> Why is it not 0-terminated? TBH I am not sure, probably to save a
>> byte :)
> 
> Some context on this question about nul characters.
> 
> Consider a C application that is asked to contact http://i.hate.c,
> a website about the use of "\0" in C software.  i.hate.c has a LEHO
> record with value "foo\0bar.com" (and some VPN or AAAA record).
> 
> Perhaps the HTTP spec disallows \0 in the "Host" header,
> and the C application hence gives some kind of error message
> about not being able to contact i.hate.c.  No problem in this case.
> 
> Perhaps the C applications assumes that GNS will only return ‘proper’
> hostnames, add a \0 to the end of the record, and
> use strlen("foo\0bar.com") (= 3) to determine how large a buffer needs
> to be calculated, and copy "foo\0bar.com" (the whole thing of size 12
> (including terminating\0)) into the buffer that's only of size 3,
> resulting in a buffer overflow.
> 
> (Variants of) the second scenario seems plausible to me.
> 
> As such, I would recommend forbidding \0 bytes in GNS,
> or mentioning problems involving \0 in a section ‘Security
> considerations’.

While I understand the problem GNS defines strings to be UTF-8 (notwithstanding 
punycode exceptions).
You can't have UTF-8 strings with a zero terminator without having it mean 
exactly that: A string termination.

Yes, you can say "but what if it is not a UTF-8 string", but that is not really 
the problem of the GNS spec.
It normatively defines it as such and the implementation must comply (with 
UTF-8).
See also https://en.wikipedia.org/wiki/Null-terminated_string section in 
"Character encoding".

BR

> 
> Greetings,
> Maxime.

signature.asc
Description: Message signed with OpenPGP

[Prev in Thread]

Current Thread

[Next in Thread]

LSD0001 review, Maxime Devos, 2022/02/07
- Re: LSD0001 review, Schanzenbach, Martin, 2022/02/07
  - Re: LSD0001 review, Maxime Devos, 2022/02/07
    - Re: LSD0001 review, Schanzenbach, Martin, 2022/02/07
  - Re: LSD0001 review, Schanzenbach, Martin, 2022/02/07
  - Re: LSD0001 review, Maxime Devos, 2022/02/10
    - Re: LSD0001 review, Schanzenbach, Martin, 2022/02/10
    - Re: LSD0001 review, Maxime Devos, 2022/02/10
  - Re: LSD0001 review, Maxime Devos, 2022/02/10
    - Re: LSD0001 review, Schanzenbach, Martin <=
    - Re: LSD0001 review, Maxime Devos, 2022/02/10

Prev by Date: Re: LSD0001 review
Next by Date: Re: LSD0001 review
Previous by thread: Re: LSD0001 review
Next by thread: Re: LSD0001 review
Index(es):
- Date
- Thread