
Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support



There are 2 families of decoding functions within LZ4:

1) LZ4_decompress_fast*: These decoding functions must be used with trusted sources only. They only guarantee that they will write exactly the size of the output buffer, but cannot guarantee anything regarding the input buffer, since its size is unknown. (By the way, the number of bytes read from the input buffer is the result of the function.)

2) LZ4_decompress_safe*: These decoding functions are protected against malicious input. They resist fuzzer attacks. This is the recommended choice for "general decompression usage".

Looking at the kernel code, at
the naming seems different, but both variants are still there:

lz4_decompress is the equivalent of LZ4_decompress_fast.
lz4_decompress_unknownoutputsize is the equivalent of LZ4_decompress_safe.

I would recommend using the second one for untrusted sources.


Regards



2013/9/25 Ian Campbell <Ian.Campbell@xxxxxxxxxx>
On Tue, 2013-09-24 at 21:55 +0200, Yann Collet wrote:
> Consequently, a compressed-block of size 0 is not supposed to exist
> (break format).

Unfortunately an attacker is free to break the format. The question is
what will the decoder do when faced with such invalid inputs?

It seems like such concerns were not considered at all during
implementation? (which is fair enough, since the data stream is
implicitly trusted in the original target use case)

Ian.
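
Added example, not part of the original thread and not liblz4 or kernel code: a simplified C decoder for the LZ4 block format, showing the checks that separate the "safe" family discussed above from the "fast" one, namely that every read is bounded by the known input size and every write by the output capacity. The names `lz4_safe_decode` and `read_len` are hypothetical, and the sample input in `main` is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative bounds-checked LZ4 block decoder (assumption: simplified,
 * strict reading of the block format; not the library's implementation). */
static int read_len(const uint8_t **ip, const uint8_t *iend, size_t *len)
{
    uint8_t b;
    if (*len != 15) return 0;           /* nibble < 15: no extension bytes */
    do {
        if (*ip >= iend) return -1;     /* extension would run past input */
        b = *(*ip)++;
        *len += b;
    } while (b == 255);
    return 0;
}

/* Returns bytes written to dst, or -1 on malformed or oversized input. */
int lz4_safe_decode(const uint8_t *src, size_t srclen, uint8_t *dst, size_t dstcap)
{
    const uint8_t *ip = src, *iend = src + srclen;
    uint8_t *op = dst, *oend = dst + dstcap;
    if (srclen == 0 || dstcap > INT_MAX) return -1;  /* size-0 block breaks the format */
    while (ip < iend) {
        uint8_t token = *ip++;
        size_t lit = token >> 4, mlen = token & 15, off;
        if (read_len(&ip, iend, &lit)) return -1;
        if (lit > (size_t)(iend - ip) || lit > (size_t)(oend - op)) return -1;
        memcpy(op, ip, lit); ip += lit; op += lit;
        if (ip == iend) return (int)(op - dst);      /* last sequence: literals only */

        if (iend - ip < 2) return -1;                /* truncated match offset */
        off = ip[0] | (ip[1] << 8); ip += 2;
        if (off == 0 || off > (size_t)(op - dst)) return -1;  /* before start of dst */
        if (read_len(&ip, iend, &mlen)) return -1;
        mlen += 4;                                   /* minimum match length */
        if (mlen > (size_t)(oend - op)) return -1;   /* would overflow dst */
        while (mlen--) { *op = *(op - off); op++; }  /* bytewise: overlap is legal */
    }
    return -1;                                       /* input ended after a match */
}

int main(void)
{
    const uint8_t bad[] = {0x10, 'a', 0x00, 0x00};   /* constructed: match offset 0 */
    uint8_t out[8];
    return lz4_safe_decode(bad, sizeof bad, out, sizeof out) == -1 ? 0 : 1;
}
```

A decoder in the "fast" style has no `iend` to test against, which is why it can only be pointed at trusted data.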

