This repository has been archived by the owner on Aug 15, 2021. It is now read-only.

Prevent stack overflow from nested tags #153

Merged
merged 1 commit into from
Oct 3, 2019
Owner

@pyfisch pyfisch commented Oct 3, 2019

In the deserializer, decrement the remaining depth
each time a tagged value is encountered to prevent
stack overflows caused by this recursion.
Small malicious input can cause this overflow;
therefore it is considered to be a security issue.

I'd like to thank Eric Rafaloff at Trail of Bits,
who discovered this issue during a code review,
for reporting it.

Add a test case.
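
The guard described above, sketched as an added example (not code from this pull request or from serde_cbor): a minimal walker over definite-length CBOR in which tags pass through the same depth counter as arrays and maps. `Walker`, `Error` and the limit `MAX_DEPTH = 128` are names and values assumed for the illustration.

```rust
// Added illustration, not serde_cbor's code: walks one definite-length CBOR item.
#[derive(Debug, PartialEq)]
pub enum Error { Eof, Unsupported, RecursionLimitExceeded }

pub const MAX_DEPTH: u8 = 128; // assumed limit for this example
pub struct Walker<'a> { input: &'a [u8], pos: usize, remaining_depth: u8 }

impl<'a> Walker<'a> {
    pub fn new(input: &'a [u8]) -> Self { Walker { input, pos: 0, remaining_depth: MAX_DEPTH } }
    fn byte(&mut self) -> Result<u8, Error> {
        let b = *self.input.get(self.pos).ok_or(Error::Eof)?;
        self.pos += 1;
        Ok(b)
    }
    // Read the argument held in, or following, the initial byte.
    fn argument(&mut self, info: u8) -> Result<u64, Error> {
        let extra = match info {
            0..=23 => return Ok(info as u64),
            24..=27 => 1u32 << (info - 24), // 1, 2, 4 or 8 bytes follow
            _ => return Err(Error::Unsupported), // indefinite lengths omitted
        };
        let mut v = 0u64;
        for _ in 0..extra { v = (v << 8) | self.byte()? as u64; }
        Ok(v)
    }
    // Single guard for every recursive descent: arrays, maps and tags alike.
    fn nested(&mut self, items: u64) -> Result<(), Error> {
        self.remaining_depth = self.remaining_depth.checked_sub(1)
            .ok_or(Error::RecursionLimitExceeded)?;
        let result = (0..items).try_for_each(|_| self.item());
        self.remaining_depth += 1; // restore on the way back up
        result
    }
    pub fn item(&mut self) -> Result<(), Error> {
        let initial = self.byte()?;
        let arg = self.argument(initial & 0x1f)?;
        match initial >> 5 {
            2 | 3 => { // byte/text string: skip the payload
                if arg > (self.input.len() - self.pos) as u64 { return Err(Error::Eof); }
                self.pos += arg as usize;
                Ok(())
            }
            4 => self.nested(arg),                   // array of `arg` items
            5 => self.nested(arg.saturating_mul(2)), // map: key + value per pair
            6 => self.nested(1), // tag wraps one item; counted like any nesting
            _ => Ok(()), // integers, simple values, floats
        }
    }
}
```

With the tag arm routed through `nested`, a long run of tag bytes ends in `RecursionLimitExceeded` after 128 levels instead of recursing once per input byte.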
