W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Security concern about open range integers (was: Question about: 4.1.1 Integer representation)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 21 Oct 2013 14:15:18 -0700
Message-ID: <CABkgnnWyrgr9r4rxRramF1rJjeFp15CNGrNywqsDv7_jK=UFCA@mail.gmail.com>
To: Fred Akalin <akalin@google.com>
Cc: Roberto Peon <grmocg@gmail.com>, Frédéric Kayser <f.kayser@free.fr>, HTTP Working Group <ietf-http-wg@w3.org>
On 21 October 2013 14:03, Fred Akalin <akalin@google.com> wrote:
> I'm not sure I see the problem. While decoding a varint, you have to keep
> track of amount to right-shift the low 7 bits of the next octet. You can
> then check if doing so would overflow 32 bits, and abort if so.

If you want to use all the 32 bits, then you have to check what bits are set.

The bigger problem is the extra 2^N-1 you are required to add (255 for
an 8-bit prefix), which will cause an overflow if you aren't careful.
Hence the tricky little mask I used...
Received on Monday, 21 October 2013 21:15:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:18 UTC