Re: Security concern about open range integers (was: Question about: 4.1.1 Integer representation)

On 20 October 2013 23:24, Fred Akalin <> wrote:
> I think it's worth mentioning explicit upper bounds in the spec. Something
> like any decoded varint must fit in 32 bits.

I don't think that it makes sense to have a single maximum.  Fitting
the result into 32bits might be a nice goal, but that requires that
you use only 6 octets of encoded length and make sure that it fits the
mask 0xff 0x80 0xC0 0xff 0xff 0x0f.  Or maybe 0xff 0x80 0xC0 0xff 0xff
0x0f7 if you are sign-bit averse.  But only if that last byte has the
0x08 or 0x04 bit set.  That is yucky.  The alternative leaves you
vulnerable to other attacks, especially the one where you get a long
series of 0x80 bytes.

Received on Monday, 21 October 2013 17:23:37 UTC