Skip to content

Check preconditions for fromDistinctAscList #20

Closed
wants to merge 2 commits into from

3 participants

@roconnor
roconnor commented Nov 8, 2013

Check preconditions for fromDistinctAscList to prevent

http://justinleitgeb.com/haskell/mind-bending-behavior-for-deserialization-in-haskell/

and the security exploits that will surely follow from it.

@elliottt elliottt added a commit that referenced this pull request Nov 8, 2013
@elliottt elliottt Prevent parsing non-ordered containers
This comes from the discussion of this pull request:

#20

It was pointed out that fromList on the containers will do the same check
internally that the pull request implements, so it seemed sensible to just
use that instead of replicate its functionality here.
09dd4f4
@elliottt
Galois, Inc. member
elliottt commented Nov 8, 2013

Thanks for the patch.

glguy pointed out to me that fromList on the containers will do the ordered check automatically, and dispatch to fromDistinctAscList when appropriate. As such, I've pushed a change that uses fromList instead, removing additional logic from cereal.

@elliottt elliottt closed this Nov 8, 2013
@roconnor
@elliottt
Galois, Inc. member
elliottt commented Nov 8, 2013

Excellent. I've pushed an updated version of cereal as version 0.4.0.1.

@mamash mamash pushed a commit to joyent/pkgsrc-wip that referenced this pull request Nov 9, 2013
szptvlfn Update to 0.4.0.1
changes:
0.4.0.1
 - Prevent parsing non-ordered containers
    This comes from the discussion of this pull request:
    GaloisInc/cereal#20

    It was pointed out that fromList on the containers will do the same check
    internally that the pull request implements, so it seemed sensible to just
    use that instead of replicate its functionality here.
20a96d7
@co-dan
co-dan commented Nov 13, 2013

I know that this has been closed and merged, but can someone please explain to me why is this actually a bug?

I can agree that it would be nice to get an error when de-serializing to a wrong type, but IMHO you shouldn't be able just to de-serialize a map from an arbitrary list of tuples.

@roconnor

The bug is that it is wrong to call a function, such as fromDistinctAscList, that has a precondition without either (a) ensuring that the preconditions is met or (b) propagating the precondition out to the documentation of decode. Generally speaking, (a) is preferred to (b). Even better than (a) is to not call such functions at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.