[Caml-list] Does Marshal handle malicious data?

Mailing list for all users of the OCaml language and system.
 help / color / mirror / Atom feed

* [Caml-list] Does Marshal handle malicious data?
@ 2002-03-05 22:56 Charles Martin
  2002-03-06  3:28 ` Brian Rogoff
  2002-03-06 10:59 ` Xavier Leroy
  0 siblings, 2 replies; 5+ messages in thread
From: Charles Martin @ 2002-03-05 22:56 UTC (permalink / raw)
  To: caml-list

Will the standard Marshal library correctly generate an exception for malicious data?  Or is it possible that it will cause a core dump, read past end of string, etc?

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Caml-list] Does Marshal handle malicious data?
  2002-03-05 22:56 [Caml-list] Does Marshal handle malicious data? Charles Martin
@ 2002-03-06  3:28 ` Brian Rogoff
  2002-03-06 10:59 ` Xavier Leroy
  1 sibling, 0 replies; 5+ messages in thread
From: Brian Rogoff @ 2002-03-06  3:28 UTC (permalink / raw)
  To: Charles Martin; +Cc: caml-list

On Tue, 5 Mar 2002, Charles Martin wrote:
> Will the standard Marshal library correctly generate an exception for
> malicious data?  Or is it possible that it will cause a core dump, read
> past end of string, etc?

You can get a core dump from improper use of marshalling without
"malicious" use. I've had it happen by simply changing a data format and
using the wrong version of the program read it back in.

You can increase the safety by various tricks in your reader, but I don't
think there are any simple idiot proof solutions. I'm a pretty clever
idiot.

-- Brian
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Caml-list] Does Marshal handle malicious data?
  2002-03-05 22:56 [Caml-list] Does Marshal handle malicious data? Charles Martin
  2002-03-06  3:28 ` Brian Rogoff
@ 2002-03-06 10:59 ` Xavier Leroy
  2002-03-06 14:10   ` Brian Rogoff
  1 sibling, 1 reply; 5+ messages in thread
From: Xavier Leroy @ 2002-03-06 10:59 UTC (permalink / raw)
  To: Charles Martin; +Cc: caml-list

> Will the standard Marshal library correctly generate an exception
> for malicious data?  Or is it possible that it will cause a core
> dump, read past end of string, etc?

No, unmarshaling is not hardened against bad data (except checking the
initial magic number).  So, corrupted data can cause all the bad
things that you mentioned (core dump, etc).

Gracefully recovering from bad data could be implemented, but at
significant run-time cost.  An alternative is to use message
authentication codes and the like to guarantee the integrity of the
data.

- Xavier Leroy
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Caml-list] Does Marshal handle malicious data?
  2002-03-06 10:59 ` Xavier Leroy
@ 2002-03-06 14:10   ` Brian Rogoff
  2002-03-07  8:59     ` Xavier Leroy
  0 siblings, 1 reply; 5+ messages in thread
From: Brian Rogoff @ 2002-03-06 14:10 UTC (permalink / raw)
  To: Xavier Leroy; +Cc: Charles Martin, caml-list

On Wed, 6 Mar 2002, Xavier Leroy wrote:
> Gracefully recovering from bad data could be implemented, but at
> significant run-time cost.  An alternative is to use message
> authentication codes and the like to guarantee the integrity of the
> data.

I've thought that it may be useful to have a Sys.version or similar
to use in such authentication codes, since I do exactly what you
mention and ensuring integrity across compiler versions is an issue.
Opinions?

-- Brian
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Caml-list] Does Marshal handle malicious data?
  2002-03-06 14:10   ` Brian Rogoff
@ 2002-03-07  8:59     ` Xavier Leroy
  0 siblings, 0 replies; 5+ messages in thread
From: Xavier Leroy @ 2002-03-07  8:59 UTC (permalink / raw)
  To: Brian Rogoff; +Cc: Charles Martin, caml-list

> I've thought that it may be useful to have a Sys.version or similar
> to use in such authentication codes, since I do exactly what you
> mention and ensuring integrity across compiler versions is an issue.
> Opinions?

Damien Doligez heard you :-)  The working sources have Sys.ocaml_version,
which is a string giving the version number and additional info.

- Xavier Leroy
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2002-03-07  9:23 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-03-05 22:56 [Caml-list] Does Marshal handle malicious data? Charles Martin
2002-03-06  3:28 ` Brian Rogoff
2002-03-06 10:59 ` Xavier Leroy
2002-03-06 14:10   ` Brian Rogoff
2002-03-07  8:59     ` Xavier Leroy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox