Re: [Security-discuss] handling integer overflows
From: Nikos Mavrogiannopoulos
Date: Sun, 01 Apr 2012 19:38:29 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16
On 04/01/2012 08:49 AM, Niels Möller wrote:
>> I was wondering on how other gnu programs handle integer overflows.
> I think in many cases it is simpler and good enough to enforce
> reasonable (but somewhat arbitrary) limits on the inputs.
> E.g., if you require that all der length fields are less than 2^20,
> that may be sufficient to avoid overflows (assuming that int is at
> least 32 bits). Sure, it's perfectly ok with the spec to include a
> multi-gigabyte cat movie in an x.509 certificate, but that doesn't mean
> that it's a good idea to actually support such certificates.
>
>> http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=3873c6a49122e3f15901646e072938557acd3f8e
>
> Some comments:
>
> 1. Do you really need signed values? For unsigned, addition overflow is
> slightly simpler,
> s = x + y;
> if (s < x) overflow...
It might be that signed values are not really needed. I'll see whether
the same thing can be achieved with unsigned, which will simplify
things.
> 4. I think this type of code is prone to off-by-one-errors. I haven't
> tried to check for that, but one has to consider that carefully, and
> maybe some unit tests would make sense.
Do you mean the code for the safe multiplication/addition or the
original code for parsing asn.1?
regards,
Nikos
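The two ideas discussed in this thread, the unsigned `s = x + y; if (s < x)` wrap check and capping DER length fields at an arbitrary bound such as 2^20, can be combined into a small set of helpers. The following is an added example written for this page; it is not libtasn1 code and not code posted by either participant. The function names, the `DER_LEN_LIMIT` value, the `der_element_fits` bounds helper and the sample encodings are this example's own assumptions. It goes slightly beyond the thread by also showing the unsigned multiplication check and by rejecting non-minimal DER length encodings, which a parser enforcing a cap can do at no extra cost.

```c
/*
 * Added example, not code from libtasn1 or from the thread's authors:
 * overflow-checked unsigned arithmetic plus a DER length decoder that
 * enforces an arbitrary upper bound.  The function names, the 2^20 cap
 * and the sample encodings are this example's own assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Arbitrary cap on any DER length field (2^20 bytes); anything at or
 * above it is rejected, so derived sizes stay far below SIZE_MAX. */
#define DER_LEN_LIMIT ((size_t)1 << 20)

/* Unsigned addition: the sum wrapped iff it is smaller than an operand. */
static int safe_add_size(size_t x, size_t y, size_t *out)
{
    size_t s = x + y;
    if (s < x)
        return 0;                       /* overflow */
    *out = s;
    return 1;
}

/* Unsigned multiplication: x*y wraps iff y != 0 and x > SIZE_MAX / y. */
static int safe_mul_size(size_t x, size_t y, size_t *out)
{
    if (y != 0 && x > SIZE_MAX / y)
        return 0;                       /* overflow */
    *out = x * y;
    return 1;
}

/* True iff [offset, offset+length) lies inside a buffer of `total` bytes,
 * without the offset+length addition being able to wrap. */
static int der_element_fits(size_t offset, size_t length, size_t total)
{
    size_t end;
    return safe_add_size(offset, length, &end) && end <= total;
}

/*
 * Decode a DER length field at buf[0..len).  On success returns 1 and
 * sets *value and *consumed.  Rejects truncated input, the indefinite
 * form (0x80), the reserved first byte 0xFF, non-minimal encodings
 * (leading zero byte, long form for a value < 128) and any value
 * >= DER_LEN_LIMIT.  The cap is checked after every byte, so the
 * accumulator never wraps even with a 32-bit size_t.
 */
static int der_read_length(const unsigned char *buf, size_t len,
                           size_t *value, size_t *consumed)
{
    size_t nbytes, v = 0, i;

    if (len == 0)
        return 0;
    if (buf[0] < 0x80) {                /* short form */
        *value = buf[0];
        *consumed = 1;
        return 1;
    }
    if (buf[0] == 0x80 || buf[0] == 0xFF)
        return 0;                       /* indefinite / reserved */
    nbytes = buf[0] & 0x7F;
    if (nbytes > len - 1)
        return 0;                       /* truncated length bytes */
    if (buf[1] == 0x00)
        return 0;                       /* non-minimal: leading zero */
    for (i = 0; i < nbytes; i++) {
        v = (v << 8) | buf[1 + i];      /* v < 2^20 before the shift: no wrap */
        if (v >= DER_LEN_LIMIT)
            return 0;                   /* over the cap; stop before it grows */
    }
    if (v < 0x80)
        return 0;                       /* non-minimal: should be short form */
    *value = v;
    *consumed = 1 + nbytes;
    return 1;
}

/* Single-value wrappers: SIZE_MAX means "rejected" (valid lengths are < 2^20). */
static size_t der_length_or_max(const unsigned char *buf, size_t len)
{
    size_t v, c;
    return der_read_length(buf, len, &v, &c) ? v : SIZE_MAX;
}
static int add_overflows(size_t x, size_t y) { size_t s; return !safe_add_size(x, y, &s); }
static int mul_overflows(size_t x, size_t y) { size_t p; return !safe_mul_size(x, y, &p); }

int main(void)
{
    /* Constructed sample encodings for the demo. */
    static const unsigned char short_len[] = { 0x05 };
    static const unsigned char long_len[]  = { 0x82, 0x01, 0x00 };       /* 256 */
    static const unsigned char at_cap[]    = { 0x83, 0x10, 0x00, 0x00 }; /* 2^20 */
    static const unsigned char huge[]      = { 0x84, 0xFF, 0xFF, 0xFF, 0xFF };

    printf("05             -> %zu\n", der_length_or_max(short_len, sizeof short_len));
    printf("82 01 00       -> %zu\n", der_length_or_max(long_len, sizeof long_len));
    printf("83 10 00 00    -> rejected=%d\n", der_length_or_max(at_cap, sizeof at_cap) == SIZE_MAX);
    printf("84 FF FF FF FF -> rejected=%d\n", der_length_or_max(huge, sizeof huge) == SIZE_MAX);
    printf("SIZE_MAX + 1 overflows: %d\n", add_overflows(SIZE_MAX, 1));
    printf("element [10, 10+95) in 100 bytes fits: %d\n", der_element_fits(10, 95, 100));
    return 0;
}
```

Because the cap is applied inside the decoding loop rather than after it, a 127-byte length field (the largest the long form allows) is rejected on its third byte instead of being accumulated first, so no intermediate product can wrap regardless of the width of `size_t`; the later `offset + length` checks in a parser then only have to guard against the sum of a few sub-2^20 values, which `der_element_fits` does with the same `s < x` test from the thread.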