Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deserialization security #2

Closed
ilblackdragon opened this issue Aug 17, 2019 · 0 comments · Fixed by #15
Closed

Deserialization security #2

ilblackdragon opened this issue Aug 17, 2019 · 0 comments · Fixed by #15
Assignees
@MaksymZavershynskyi

Comments

@ilblackdragon
Copy link
Member

We should add a suit of tests for security of deserialization, specifically:

  • Pass invalid Enum value
  • cc @frol Pass MAX INT length for arrays / strings / hashmaps (the memory allocation issues are preventable by simple check that if len > buf.len() { return Err() } )
  • non utf-8 string
  • missing part of the message
  • extra bytes after the message
@ilblackdragon ilblackdragon mentioned this issue Sep 13, 2019
Merged
@bowenwang1996 bowenwang1996 mentioned this issue Sep 22, 2019
Merged
voidxnull added a commit to zeropoolnetwork/borsh that referenced this issue Nov 26, 2020
@voidxnull
no_std progress near#2
a49c7fa 
It finally compiles but the design is not finalized.
bare-io and hashbrown are used as temporary (?) shims.
voidxnull added a commit to zeropoolnetwork/borsh that referenced this issue Nov 26, 2020
@voidxnull
no_std progress near#2
a3b77f7 
It finally compiles but the design is not finalized.
bare-io and hashbrown are used as temporary (?) shims.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MaksymZavershynskyi MaksymZavershynskyi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adding tests for invalid inputs near/borsh
2 participants
@ilblackdragon @MaksymZavershynskyi