[reSIProcate] Parser validation issues

Jeremy Barkan barkan at alum.mit.edu
Wed May 10 02:05:15 CDT 2006


We have been using Protos as a preliminary test of the stack against
malicious content, as well as some select test cases:

We should consider two issues:

1. MsgHeaderScanner should block messages that have clearly definable
malicious content [for example - an integer field like Expires with 1000
characters of junk] - throwing an exception that can allow for logging and
handling.

2. Consistent parsing behavior - There are a number of cases of inconsistent
behavior - in the case of integer fields such as expires, 0aaaaaaaa will
throw an exception, but aaaaaaa will fail the isdigit test on the first
character and set the value to a default. There are similar problems in
DnsUtil methods used for parsing IP addresses.

My suggestion is that we put this issue on the agenda for the next
coding party - for a systematic run through of the parser and its handling
of a defined set of malformed content.

Protos and Codenomicon would be a very good, and easy to use, basis,
although there are other fuzzing suites that would do the job.

Thanks

- Jeremy Barkan

 

 

Re: [reSIProcate] Parser validation issues

From: "david Butcher" <davidlbutcher at xxxxxxxxx>
Date: Mon, 8 May 2006 14:58:05 -0700

Contact "*" is a hack, but I grant your point. Not sure I agree that a
distinct type is warranted, but that is a reasonable solution.

 

As for the integer parsing, I agree it could/should be tightened. But
not sure the attack you propose is particularly scary; there is no
recursion.

 

thanks,
david


On 5/8/06, David Schwartz <David.Schwartz at xxxxxxxxxx> wrote: 

Hi David
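
The consistent handling asked for in points 1 and 2 of the message above, as an added example that is not part of the original thread or of reSIProcate's code. `FieldParseError`, `parseUInt32Field` and `acceptsField` are hypothetical names, and the 10-digit bound assumes the field is limited to the unsigned 32-bit range.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

// Hypothetical exception type for this example; not a reSIProcate class.
struct FieldParseError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Strictly parse an unsigned 32-bit header value such as Expires.
// Every malformed input takes the same path: an exception the caller can
// log and handle, never a silently substituted default.
std::uint32_t parseUInt32Field(const std::string& raw) {
    // Trim the spaces and tabs allowed around a header value.
    const std::size_t first = raw.find_first_not_of(" \t");
    if (first == std::string::npos) throw FieldParseError("empty value");
    const std::size_t last = raw.find_last_not_of(" \t");
    const std::string text = raw.substr(first, last - first + 1);

    // 2^32-1 has 10 digits. Bounding the length before inspecting the
    // content rejects a 1000-character value without scanning it.
    // (Assumption: values padded past 10 digits with zeros are rejected too.)
    const std::size_t kMaxDigits = 10;
    if (text.size() > kMaxDigits) throw FieldParseError("value too long");

    std::uint64_t value = 0;  // wide enough for any 10-digit number
    for (char c : text) {
        // The same check applies to the first character and every later one,
        // so "aaaaaaa" and "0aaaaaaaa" fail identically.
        if (c < '0' || c > '9') throw FieldParseError("non-digit in value");
        value = value * 10 + static_cast<std::uint64_t>(c - '0');
    }
    if (value > UINT32_MAX) throw FieldParseError("value out of range");
    return static_cast<std::uint32_t>(value);
}

// Accept/reject wrapper; the catch block is where logging would go.
bool acceptsField(const std::string& raw) {
    try { parseUInt32Field(raw); return true; }
    catch (const FieldParseError&) { return false; }
}
```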
