recursive from_msgpack implementation will stack overflow #537

Closed
xgzeng opened this issue Mar 28, 2017 · 4 comments
Labels
aspect: binary formats (BSON, CBOR, MessagePack, UBJSON); confirmed; kind: bug; solution: duplicate (the issue is a duplicate; refer to the linked issue instead)

Comments

@xgzeng

xgzeng commented Mar 28, 2017

The from_msgpack function (etc.) parses data recursively, which will cause a stack overflow when processing deeply nested structures.
It will be a DoS vulnerability if we use the library to process data from outside.

The following is example code to generate malicious data. msgpack_pack_array is not shown here.

```c
for (int i = 0; i < 10000; ++i) {
    msgpack_pack_array(buffer, 1);
}
msgpack_pack_array(buffer, 0);
```

@nlohmann
Owner

The same issue was detected for CBOR in #517.

nlohmann added the "solution: duplicate" label Mar 28, 2017
@xgzeng
Author

xgzeng commented Mar 28, 2017

Should we just add a default parameter to restrict the nesting level?
I think it suits most use cases.

@nlohmann
Owner

That would be an effective, yet ugly solution. I would rather have a non-recursive version that uses a stack internally so we can enforce a limit there.
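
Added example, not part of the original thread and not nlohmann/json code: one way to apply the idea in the comment above, as an iterative pass over a MessagePack buffer that keeps open arrays and maps on an explicit heap-allocated stack and refuses input nested deeper than a limit. The names `check_msgpack_depth` and `Check` and the limit of 512 are assumptions; the function checks only the first value in the buffer and counts an empty container as a leaf.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not nlohmann/json code. `open` holds, per unfinished array/map,
// the number of child values still expected, so depth is open.size() on the heap.
enum class Check { ok, too_deep, malformed };

Check check_msgpack_depth(const std::vector<uint8_t>& in, std::size_t max_depth) {
    std::vector<uint64_t> open;
    std::size_t pos = 0;
    auto len = [&](unsigned bytes, uint64_t& n) {  // big-endian length field
        if (in.size() - pos < bytes) return false;
        for (n = 0; bytes > 0; --bytes) n = (n << 8) | in[pos++];
        return true;
    };
    do {
        if (pos >= in.size()) return Check::malformed;  // input ends mid-value
        const uint8_t b = in[pos++];
        uint64_t n = 0, skip = 0;  // n: element count or length, skip: payload bytes
        bool container = false, ok = true;
        if (b <= 0x7f || b >= 0xe0 || b == 0xc0 || b == 0xc2 || b == 0xc3) {}  // fixint, nil, bool
        else if (b <= 0x8f) { container = true; n = 2u * (b & 0x0f); }         // fixmap: key + value
        else if (b <= 0x9f) { container = true; n = b & 0x0f; }                // fixarray
        else if (b <= 0xbf) skip = b & 0x1f;                                   // fixstr
        else if (b == 0xc1) ok = false;                                        // unused type byte
        else if (b <= 0xc6) { ok = len(1u << (b - 0xc4), n); skip = n; }       // bin 8/16/32
        else if (b <= 0xc9) { ok = len(1u << (b - 0xc7), n); skip = n + 1; }   // ext 8/16/32
        else if (b <= 0xcb) skip = 4u << (b - 0xca);                           // float 32/64
        else if (b <= 0xd3) skip = 1u << ((b - 0xcc) & 3);                     // uint/int 8..64
        else if (b <= 0xd8) skip = 1u + (1u << (b - 0xd4));                    // fixext 1..16
        else if (b <= 0xdb) { ok = len(1u << (b - 0xd9), n); skip = n; }       // str 8/16/32
        else { ok = len((b & 1) ? 4 : 2, n); container = true; if (b >= 0xde) n *= 2; }  // array/map 16/32
        if (!ok || skip > in.size() - pos) return Check::malformed;  // payload runs past the end
        pos += static_cast<std::size_t>(skip);
        if (container && n > 0) {
            if (open.size() >= max_depth) return Check::too_deep;  // refuse before descending
            open.push_back(n);
        } else {  // a value is complete; it may also complete its enclosing containers
            while (!open.empty() && --open.back() == 0) open.pop_back();
        }
    } while (!open.empty());
    return Check::ok;
}
int main() {
    std::vector<uint8_t> deep(10000, 0x91);  // constructed: the issue's 10000 nested 1-element arrays
    deep.push_back(0x90);                    // innermost empty array
    return check_msgpack_depth(deep, 512) == Check::too_deep ? 0 : 1;
}
```

Running this check before handing a buffer to a recursive parser bounds the recursion depth that parser can reach; the check itself uses at most `max_depth` stack entries regardless of input.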

@nlohmann
Owner

Closed in favor of #517.

nlohmann added the "aspect: binary formats" label Mar 28, 2017