Add guardrail setting for TypeParser handling of type parameters #4011

Closed
cowtowncoder opened this issue Jul 4, 2023 · 0 comments

@cowtowncoder
Member

(note: related to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60233)

Looks like TypeParser could benefit from limiting depth of type parameters handled for the rare cases where type parameters are included (only for, I think, EnumMap/EnumSet or such). This is not an exploitable attack vector of its own (since it is only used for specific cases for polymorphic deserialization with class names as type id) but seems like we might as well prevent any chance of corrupt input (... like created by fuzzer :) ) of producing SOEs.
So more for Fuzzer hygiene than anything else.

If simple/safe enough to target 2.15 try there; if not, 2.16.

cowtowncoder added the to-evaluate and 2.16 labels and removed the to-evaluate label on Jul 4, 2023
cowtowncoder added this to the 2.16.0 milestone on Jul 5, 2023
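
The guardrail proposed in this issue, sketched as an added Java example (not code from this issue or from jackson-databind): a recursive-descent parser for canonical type names that passes the nesting depth down and rejects input before deep recursion can end in a `StackOverflowError`. The class name `BoundedTypeNameParser`, the `TypeNode` record, the limit of 100 and the sample inputs are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Jackson's TypeParser: parses "Outer<A,B<C>>" with a nesting cap.
public class BoundedTypeNameParser {
    static final int MAX_NESTING = 100; // assumed limit, chosen for this example
    record TypeNode(String name, List<TypeNode> params) {}
    private final String src;
    private int pos;

    BoundedTypeNameParser(String src) { this.src = src; }

    static TypeNode parse(String canonical) {
        BoundedTypeNameParser p = new BoundedTypeNameParser(canonical);
        TypeNode t = p.parseType(0);
        if (p.pos != p.src.length()) throw p.fail("unexpected trailing input");
        return t;
    }

    private TypeNode parseType(int depth) {
        // The guard: checked on entry, so hostile nesting costs at most MAX_NESTING + 1 frames.
        if (depth > MAX_NESTING) throw fail("type parameter nesting exceeds " + MAX_NESTING);
        int start = pos;
        while (pos < src.length() && "<>,".indexOf(src.charAt(pos)) < 0) pos++;
        String name = src.substring(start, pos).trim();
        if (name.isEmpty()) throw fail("missing type name");
        List<TypeNode> params = new ArrayList<>();
        if (pos < src.length() && src.charAt(pos) == '<') {
            do {
                pos++; // consume '<' or ','
                params.add(parseType(depth + 1));
            } while (pos < src.length() && src.charAt(pos) == ',');
            if (pos >= src.length() || src.charAt(pos) != '>') throw fail("expected '>'");
            pos++; // consume '>'
        }
        return new TypeNode(name, params);
    }

    private IllegalArgumentException fail(String msg) {
        // Report offset and length only; echoing a huge hostile input would bloat logs.
        return new IllegalArgumentException(msg + " at offset " + pos + " of " + src.length());
    }

    public static void main(String[] args) {
        System.out.println(parse("java.util.EnumMap<com.example.Color,java.util.List<java.lang.String>>"));
        String hostile = "A<".repeat(200_000) + "A"; // constructed input, fuzzer-style deep nesting
        try { parse(hostile); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Without the depth check, the constructed `hostile` input would recurse once per `<`, which is the unbounded recursion the issue wants to rule out.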