limiting the ber decoder recursion
From: Nikos Mavrogiannopoulos
Subject: limiting the ber decoder recursion
Date: Thu, 4 Jan 2018 18:07:26 +0100

It seems that the BER decoder logic in _asn1_decode_simple_ber() uses
recursion to handle the indefinite string encoding. That is when the
length is not provided on the BER TLV encoding, and the decoder is
expected to go through a set of TLV pairs terminated by 0x00, 0x00.
That also means that the TLV pairs encapsulated within the indefinite
encoding could employ indefinite encoding as well, requiring a
recursive handling of these cases.

However, that also means that a specially crafted structure could
cause stack exhaustion on the BER decoder, leading the application to
crash. I have a patch set addressing that by introducing a limit of
3 levels of recursion, although that is a bit arbitrary. I have seen
in the wild encodings which involve 1 level of recursion; however,
I've never seen 2 or 3 levels for BER encodings. Are there any
concerns related to other implementations or structures produced by
other encoders?

regards,
Nikos
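
The depth limit described in the message above, shown as an added sketch that is not libtasn1's code and not the patch set the message mentions. The names `ber_walk`, `MAX_DEPTH`, `ERR_SYNTAX` and `ERR_DEPTH` are hypothetical, and counting the outermost TLV as depth 0 is an assumption; only single-byte tags and short-form or indefinite lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
/* Added sketch, not libtasn1 code: all names here are hypothetical. */
#define MAX_DEPTH  3      /* the limit proposed in the message (assumed counting) */
#define ERR_SYNTAX (-1)
#define ERR_DEPTH  (-2)
/* Walk one BER TLV at p[0..len): return its size in bytes (or an error) and add
 * primitive chunk lengths to *content. Single-byte tags, short/indefinite lengths. */
long ber_walk(const unsigned char *p, size_t len, unsigned depth, size_t *content)
{
    if (len < 2)
        return ERR_SYNTAX;
    unsigned char tag = p[0], l = p[1];
    size_t used = 2;
    if (l != 0x80) {                         /* definite length */
        if ((l & 0x80) || l > len - 2)
            return ERR_SYNTAX;               /* long form is out of scope here */
        if (!(tag & 0x20)) {                 /* primitive chunk: a leaf */
            *content += l;
            return 2 + (long)l;
        }
        len = 2 + (size_t)l;                 /* constructed: bound the children */
    } else if (!(tag & 0x20)) {
        return ERR_SYNTAX;                   /* indefinite requires constructed */
    }
    if (depth >= MAX_DEPTH)
        return ERR_DEPTH;                    /* refuse before recursing further */
    for (;;) {
        if (l != 0x80 && used == len)
            return (long)used;               /* definite: children fit exactly */
        if (len - used < 2)
            return ERR_SYNTAX;               /* truncated, no end-of-contents */
        if (l == 0x80 && p[used] == 0 && p[used + 1] == 0)
            return (long)used + 2;           /* 0x00 0x00 terminator */
        long n = ber_walk(p + used, len - used, depth + 1, content);
        if (n < 0)
            return n;                        /* propagate the first error */
        used += (size_t)n;
    }
}

int main(void)
{
    /* Constructed sample: indefinite OCTET STRING holding chunks "ab" and "c". */
    const unsigned char s[] = {0x24,0x80, 0x04,0x02,'a','b', 0x04,0x01,'c', 0,0};
    size_t content = 0;
    long n = ber_walk(s, sizeof s, 0, &content);
    printf("consumed=%ld content=%zu\n", n, content);
}
```

Because the depth check runs before the loop that recurses, the stack never grows past a fixed number of frames regardless of how deeply the input nests.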