deserialize: prevent unbound allocation #129
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
With a crafted input, a malformed data of just four bytes may lead to allocation of 4 GiB. This may lead to OOM on constrained environments (e.g. inside of a container with memory limits set or on 32-bit machines). (This once again shows Rust desperately needs full specialisation. We may dream of time that it ever comes…)
|
See also near/nearcore#8562 |
mina86
added a commit
to mina86/nearcore
that referenced
this pull request
Feb 21, 2023
This is re-application of commit b8196b1 with the same subject alas this time borsh is updated to 0.10.2. Previous attempt to update the dependency was reverted becauses of potential DOS which was addressed in borsh 0.10.2 (see <near/borsh-rs#129>). Like before, the update is mostly just a matter of replacing deserialize function in BorshDeserialize implementation by deserialize_reader. In a few of existing custom implementations for (de)serialization could be removed alltogether.
mina86
added a commit
to mina86/nearcore
that referenced
this pull request
Feb 21, 2023
This is re-application of commit b8196b1 with the same subject alas this time borsh is updated to 0.10.2. Previous attempt to update the dependency was reverted becauses of potential DOS which was addressed in borsh 0.10.2 (see <near/borsh-rs#129>). Like before, the update is mostly just a matter of replacing deserialize function in BorshDeserialize implementation by deserialize_reader. In a few of existing custom implementations for (de)serialization could be removed alltogether.
mina86
added a commit
to mina86/nearcore
that referenced
this pull request
Feb 21, 2023
This is re-application of commit b8196b1 with the same subject alas this time borsh is updated to 0.10.2. Previous attempt to update the dependency was reverted becauses of potential DOS which was addressed in borsh 0.10.2 (see <near/borsh-rs#129>). Like before, the update is mostly just a matter of replacing deserialize function in BorshDeserialize implementation by deserialize_reader. In a few of existing custom implementations for (de)serialization could be removed alltogether.
mina86
added a commit
to mina86/nearcore
that referenced
this pull request
Feb 21, 2023
This is re-application of commit b8196b1 with the same subject alas this time borsh is updated to 0.10.2. Previous attempt to update the dependency was reverted becauses of potential DOS which was addressed in borsh 0.10.2 (see <near/borsh-rs#129>). Like before, the update is mostly just a matter of replacing deserialize function in BorshDeserialize implementation by deserialize_reader. In a few of existing custom implementations for (de)serialization could be removed alltogether.
mina86
added a commit
to mina86/nearcore
that referenced
this pull request
Feb 21, 2023
This is re-application of commit b8196b1 with the same subject alas this time borsh is updated to 0.10.2. Previous attempt to update the dependency was reverted becauses of potential DOS which was addressed in borsh 0.10.2 (see <near/borsh-rs#129>). Like before, the update is mostly just a matter of replacing deserialize function in BorshDeserialize implementation by deserialize_reader. In a few of existing custom implementations for (de)serialization could be removed alltogether.
near-bulldozer bot
pushed a commit
to near/nearcore
that referenced
this pull request
Feb 21, 2023
This is re-application of commit b8196b1 with the same subject alas this time borsh is updated to 0.10.2. Previous attempt to update the dependency was reverted becauses of potential DOS which was addressed in borsh 0.10.2 (see <near/borsh-rs#129>). Like before, the update is mostly a matter of replacing deserialize function in BorshDeserialize implementations by deserialize_reader. In a few of existing custom implementations for (de)serialization could be removed altogether.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With a crafted input, a malformed data of just four bytes may lead to
allocation of 4 GiB. This may lead to OOM on constrained environments
(e.g. inside of a container with memory limits set or on 32-bit
machines).
(This once again shows Rust desperately needs full specialisation. We
may dream of time that it ever comes…)