is deserializing untrusted buffers safe? #547

andrewbanchich · 2025-02-20T17:28:08Z

andrewbanchich
Feb 20, 2025

The official docs say:

Cap’n Proto has not yet undergone security review. It most likely has some vulnerabilities. You should not attempt to decode Cap’n Proto messages from sources you don’t trust at this time.

https://capnproto.org/cxx.html#security-tips

This is under the C++ section, and I'm assuming it's implementation-specific. Is the Rust implementation safe when deserializing untrusted buffers?

Answered by dwrensha

Feb 20, 2025

capnproto-rust uses a lot of unsafe code, so it's difficult to assert that it is truly "safe". What I can say is that I have run a lot of fuzz testing on it, and a decent number of people seem to be using it. It's designed to return errors on malformed inputs, so if something else happens (via e.g. out-of-bounds access) then that's a bug that I would urgently fix.

View full answer

dwrensha · 2025-02-20T22:21:12Z

dwrensha
Feb 20, 2025
Maintainer

capnproto-rust uses a lot of unsafe code, so it's difficult to assert that it is truly "safe". What I can say is that I have run a lot of fuzz testing on it, and a decent number of people seem to be using it. It's designed to return errors on malformed inputs, so if something else happens (via e.g. out-of-bounds access) then that's a bug that I would urgently fix.

1 reply

andrewbanchich Feb 25, 2025
Author

thank you!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

is deserializing untrusted buffers safe? #547

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

is deserializing untrusted buffers safe? #547

andrewbanchich Feb 20, 2025

Replies: 1 comment · 1 reply

dwrensha Feb 20, 2025 Maintainer

andrewbanchich Feb 25, 2025 Author

andrewbanchich
Feb 20, 2025

Replies: 1 comment 1 reply

dwrensha
Feb 20, 2025
Maintainer

andrewbanchich Feb 25, 2025
Author