< Previous by Date | Date Index | Next by Date > |
< Previous in Thread | Thread Index |
We have been using Protos as a preliminary test of the stack against malicious content, as well as some select test cases: We should consider two issues: 1. MsgHeaderScanner should block messages that have clearly definable malicious content [for example - an integer field like Expires with 1000 characters of junk] - throwing an exception that can allow for logging and handling. 2. Consistent parsing behavior - There are a number of cases of inconsistent behavior - in the case of integer fields such as expires, 0aaaaaaaa will throw an exception, but aaaaaaa will fail the isdigit test on the first character and set the value to a default. There are similar problems in DnsUtil methods used for parsing ip addresses. My suggestion is that we put this issue on the the agenda for the next coding party - for a systematic run through of the parser and its handling of a defined set of malformed content. Protos and Codenomicon would be a very good, and easy to use, basis, although there are other fuzzing suites that would do the job. Thanks - Jeremy Barkan
Re: [reSIProcate] Parser validation issues · From: "david Butcher" <davidlbutcher@xxxxxxxxx> · Date: Mon, 8 May 2006 14:58:05 -0700 Contact "*" is a hack, but I grant your point. Not sure I agree that a distinct type is warranted, but that is a reasonable solution.
As for the integer parsing, I agree it could/should be tightened. But not sure the attack you propose is particularly scary; there is no recursion.
thanks, david
Hi David |