BigfootDev/flatbuffers
1
0
Fork 1
mirror of https://github.com/google/flatbuffers.git synced 2026-06-19 18:05:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improved the verifier to be even more resilient.

Browse Source 
Theoretically, an attacker could construct a FlatBuffer with the
sole purpose of making verification really expensive, essentially
DOS-ing a server that uses verification on FlatBuffers. This adds
a max table depth and max table amount at which point the
verifier declares the buffer malformed.

Bug: 16301336
Change-Id: I6b098c31d030d24c19e852b33609110658e66aa9
Tested: on OS X
This commit is contained in:
Wouter van Oortmerssen
2014-08-21 17:00:54 -07:00
parent ffb3dec573
commit 11b743688c
4 changed files with 51 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/monster_test_generated.h
View File

@@ -43,7 +43,7 @@ inline const char **EnumNamesAny() {
inline const char *EnumNameAny(int e) { return EnumNamesAny()[e]; }
bool VerifyAny(const flatbuffers::Verifier &verifier, const void *union_obj, uint8_t type);
bool VerifyAny(flatbuffers::Verifier &verifier, const void *union_obj, uint8_t type);
MANUALLY_ALIGNED_STRUCT(2) Test {
private:
@@ -102,8 +102,8 @@ struct Monster : private flatbuffers::Table {
const flatbuffers::Vector<uint8_t> *testnestedflatbuffer() const { return GetPointer<const flatbuffers::Vector<uint8_t> *>(30); }
const Monster *testnestedflatbuffer_nested_root() { return flatbuffers::GetRoot<Monster>(testnestedflatbuffer()->Data()); }
const Monster *testempty() const { return GetPointer<const Monster *>(32); }
bool Verify(const flatbuffers::Verifier &verifier) const {
return VerifyTable(verifier) &&
bool Verify(flatbuffers::Verifier &verifier) const {
return VerifyTableStart(verifier) &&
VerifyField<Vec3>(verifier, 4 /* pos */) &&
VerifyField<int16_t>(verifier, 6 /* mana */) &&
VerifyField<int16_t>(verifier, 8 /* hp */) &&
@@ -128,7 +128,8 @@ struct Monster : private flatbuffers::Table {
VerifyField<flatbuffers::uoffset_t>(verifier, 30 /* testnestedflatbuffer */) &&
verifier.Verify(testnestedflatbuffer()) &&
VerifyField<flatbuffers::uoffset_t>(verifier, 32 /* testempty */) &&
verifier.VerifyTable(testempty());
verifier.VerifyTable(testempty()) &&
verifier.EndTable();
}
};
@@ -187,7 +188,7 @@ inline flatbuffers::Offset<Monster> CreateMonster(flatbuffers::FlatBufferBuilder
return builder_.Finish();
}
bool VerifyAny(const flatbuffers::Verifier &verifier, const void *union_obj, uint8_t type) {
bool VerifyAny(flatbuffers::Verifier &verifier, const void *union_obj, uint8_t type) {
switch (type) {
case Any_NONE: return true;
case Any_Monster: return verifier.VerifyTable(reinterpret_cast<const Monster *>(union_obj));
@@ -197,7 +198,7 @@ bool VerifyAny(const flatbuffers::Verifier &verifier, const void *union_obj, uin
inline const Monster *GetMonster(const void *buf) { return flatbuffers::GetRoot<Monster>(buf); }
inline bool VerifyMonsterBuffer(const flatbuffers::Verifier &verifier) { return verifier.VerifyBuffer<Monster>(); }
inline bool VerifyMonsterBuffer(flatbuffers::Verifier &verifier) { return verifier.VerifyBuffer<Monster>(); }
inline void FinishMonsterBuffer(flatbuffers::FlatBufferBuilder &fbb, flatbuffers::Offset<Monster> root) { fbb.Finish(root, "MONS"); }