
RE: [reSIProcate] Parser validation issues


We have been using Protos as a preliminary test of the stack against malicious content, as well as some select test cases:

We should consider two issues:

1. MsgHeaderScanner should block messages that have clearly definable malicious content [for example - an integer field like Expires with 1000 characters of junk] - throwing an exception that can allow for logging and handling.

2. Consistent parsing behavior - There are a number of cases of inconsistent behavior - in the case of integer fields such as expires, 0aaaaaaaa will throw an exception, but aaaaaaa will fail the isdigit test on the first character and set the value to a default. There are similar problems in DnsUtil methods used for parsing IP addresses.

My suggestion is that we put this issue on the agenda for the next coding party - for a systematic run through of the parser and its handling of a defined set of malformed content.

Protos and Codenomicon would be a very good, and easy to use, basis, although there are other fuzzing suites that would do the job.

Thanks

- Jeremy Barkan
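
Added example, not part of the original message and not reSIProcate code: a strict parser for an integer header value in which `0aaaaaaaa`, `aaaaaaa` and 1000 characters of junk all take the same rejection path, an exception the caller can log. The names `parseStrictUInt32`, `isRejected` and `kMaxDigits` are hypothetical, and the unsigned 32-bit range for the value is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

// Hypothetical helper, not a reSIProcate API: parse a header value that must
// be a bare unsigned 32-bit decimal integer (assumed range for Expires).
// Every malformed input raises std::invalid_argument; nothing falls back to
// a default value.
constexpr std::size_t kMaxDigits = 10;  // 4294967295 has 10 digits

std::uint32_t parseStrictUInt32(const std::string& field, const std::string& raw)
{
    // Trim optional whitespace (SP / HTAB) around the value.
    const std::size_t first = raw.find_first_not_of(" \t");
    if (first == std::string::npos)
        throw std::invalid_argument(field + ": empty value");
    const std::size_t last = raw.find_last_not_of(" \t");

    // Length check first, so an oversized value is rejected before any
    // per-character work is done.
    if (last - first + 1 > kMaxDigits)
        throw std::invalid_argument(field + ": value too long");

    std::uint64_t value = 0;  // at most 10 digits, cannot overflow 64 bits
    for (std::size_t i = first; i <= last; ++i) {
        const char c = raw[i];
        // Same check for the first character and every later one.
        if (c < '0' || c > '9')
            throw std::invalid_argument(field + ": non-digit in value");
        value = value * 10 + static_cast<std::uint64_t>(c - '0');
    }
    if (value > UINT32_MAX)
        throw std::invalid_argument(field + ": value out of range");
    return static_cast<std::uint32_t>(value);
}

// Returns true when the value is rejected; constructed inputs are passed in
// by the caller.
bool isRejected(const std::string& raw)
{
    try { parseStrictUInt32("Expires", raw); return false; }
    catch (const std::invalid_argument&) { return true; }
}
```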

 

 

Re: [reSIProcate] Parser validation issues

From: "david Butcher" <davidlbutcher@xxxxxxxxx>

Date: Mon, 8 May 2006 14:58:05 -0700


Contact "*" is a hack, but I grant your point. Not sure I agree that a
distinct type is warranted, but that is a reasonable solution.

 

As for the integer parsing, I agree it could/should be tightened. But
not sure the attack you propose is particularly scary; there is no
recursion.

 

thanks,
david


On 5/8/06, David Schwartz <David.Schwartz@xxxxxxxxxx> wrote:

Hi David