Is there a safe protobuf decoder? or do we need one?


Xiaohui Chen

Oct 13, 2020, 9:39:38 PM10/13/20
to Security-dev
Hi, security experts

There exist safe decoders for JSON, XML, images and a few other data types [link], but I couldn't find one for protobuf. Is there a safe parser somewhere, or is the protobuf format good enough and considered safe to parse in general?

I can see building a general sandboxed protobuf parser challenging because it's strongly typed. 

Thanks,
Xiaohui

Daniel Cheng

Oct 13, 2020, 10:03:25 PM10/13/20
to Xiaohui Chen, Robert Sesek, Security-dev
We consider protobuf to be robust enough to decode untrusted inputs even without sandboxing.

+Robert Sesek, should we document this somewhere?

Daniel

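Added example, not code from Chromium or the protobuf project: a schema-free decoder for the protobuf wire format, showing the checks a decoder of untrusted input has to make (varint length and 64-bit overflow, buffer bounds on length-delimited and fixed-width fields, field-number range, a nesting depth limit). It works at the wire level, so it needs no schema; mapping raw fields onto typed messages is left out. MAX_DEPTH, the DepthExceeded class and the rejection of group wire types are this example's own choices, not library behaviour, and all sample inputs are hand-constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union

MAX_VARINT_BYTES = 10             # a 64-bit varint never needs more than 10 bytes
MAX_FIELD_NUMBER = (1 << 29) - 1  # largest field number the wire format allows
MAX_DEPTH = 100                   # nesting limit; assumed value, not a protobuf constant


class DecodeError(ValueError):
    """Malformed input: rejected instead of being read out of bounds."""


class DepthExceeded(DecodeError):
    """Nested messages deeper than MAX_DEPTH (a nesting bomb)."""


@dataclass
class Field:
    number: int
    wire_type: int
    value: Union[int, bytes, List["Field"]]


def read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a base-128 varint at pos; reject truncated, overlong or >64-bit values."""
    result, shift = 0, 0
    for _ in range(MAX_VARINT_BYTES):
        if pos >= len(buf):
            raise DecodeError("truncated varint")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            if result >> 64:
                raise DecodeError("varint does not fit in 64 bits")
            return result, pos
    raise DecodeError("varint longer than %d bytes" % MAX_VARINT_BYTES)


def read_fixed(buf: bytes, pos: int, size: int) -> Tuple[int, int]:
    """Read a little-endian fixed32/fixed64 value after checking the buffer bound."""
    if len(buf) - pos < size:
        raise DecodeError("truncated fixed%d field" % (size * 8))
    return int.from_bytes(buf[pos:pos + size], "little"), pos + size


def decode(buf: bytes) -> List[Field]:
    """Decode one message level into (field number, wire type, raw value) triples."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        number, wire_type = tag >> 3, tag & 7
        if number == 0 or number > MAX_FIELD_NUMBER:
            raise DecodeError("invalid field number %d" % number)
        if wire_type == 0:
            value, pos = read_varint(buf, pos)
        elif wire_type == 1:
            value, pos = read_fixed(buf, pos, 8)
        elif wire_type == 5:
            value, pos = read_fixed(buf, pos, 4)
        elif wire_type == 2:
            length, pos = read_varint(buf, pos)
            if length > len(buf) - pos:  # the classic length-prefix overrun
                raise DecodeError("length-delimited field runs past end of buffer")
            value = buf[pos:pos + length]
            pos += length
        else:  # 3/4 are deprecated groups, 6/7 unassigned: rejected in this example
            raise DecodeError("unsupported wire type %d" % wire_type)
        fields.append(Field(number, wire_type, value))
    return fields


def decode_raw(buf: bytes, depth: int = 0) -> List[Field]:
    """Best-effort recursive decode (like protoc --decode_raw), bounded by MAX_DEPTH.
    A length-delimited field that parses as a message is expanded; one that does
    not is kept as bytes. Exceeding the depth limit is an error, never a guess."""
    if depth > MAX_DEPTH:
        raise DepthExceeded("nesting deeper than %d" % MAX_DEPTH)
    out = []
    for field in decode(buf):
        if field.wire_type == 2:
            try:
                field = Field(field.number, 2, decode_raw(field.value, depth + 1))
            except DepthExceeded:
                raise
            except DecodeError:
                pass  # not a message (e.g. a string): keep the raw bytes
        out.append(field)
    return out


def is_well_formed(buf: bytes) -> bool:
    try:
        decode_raw(buf)
        return True
    except DecodeError:
        return False


# --- constructed sample inputs (hand-encoded, not captured from any real system) ---
def encode_varint(n: int) -> bytes:
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | (0x80 if n else 0))
        if not n:
            return bytes(out)


def encode_length_delimited(number: int, payload: bytes) -> bytes:
    return encode_varint(number << 3 | 2) + encode_varint(len(payload)) + payload


def nest(levels: int) -> bytes:
    """Field 1 wrapped in itself `levels` times: a nesting bomb for the depth check."""
    buf = b""
    for _ in range(levels):
        buf = encode_length_delimited(1, buf)
    return buf


SAMPLE = (b"\x08\x96\x01"             # field 1, varint 150
          + b"\x12\x07testing"        # field 2, string "testing"
          + b"\x1d\x78\x56\x34\x12"   # field 3, fixed32 0x12345678
          + b"\x22\x02\x08\x01")      # field 4, nested message {1: 1}

MALFORMED = {
    "truncated varint": b"\x08",
    "overlong varint": b"\x08" + b"\x80" * 10 + b"\x01",
    "varint over 64 bits": b"\x08" + b"\xff" * 9 + b"\x7f",
    "length overrun": b"\x12\x05abc",
    "truncated fixed32": b"\x1d\x01\x02",
    "field number 0": b"\x00",
    "group wire type": b"\x0b",
    "nesting bomb": nest(MAX_DEPTH + 1),
}

if __name__ == "__main__":
    for f in decode_raw(SAMPLE):
        print(f)
    for name, buf in MALFORMED.items():
        print("%-20s rejected=%s" % (name, not is_well_formed(buf)))
```

Every hazard at this level is a bounds or count check on a varint or a length prefix, which is what makes a wire-format decoder tractable to get right; what a library decoder adds on top (typed fields from the schema, unknown-field retention, recursion limits for typed sub-messages) sits above this layer, and the thread's answer is about the library as a whole, not this toy.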
Xiaohui Chen

Oct 14, 2020, 1:02:32 PM10/14/20
to Daniel Cheng, Robert Sesek, Security-dev
Daniel,
Thanks for confirming! If there is no better place, a comment in the README of the decoder service would probably do. That was where I looked first.

Chris Palmer

Oct 14, 2020, 3:39:56 PM10/14/20
to Xiaohui Chen, Daniel Cheng, Robert Sesek, Security-dev
There, and/or the Rule Of 2 document.

Robert Sesek

Oct 19, 2020, 3:45:05 PM10/19/20
to Chris Palmer, Xiaohui Chen, Daniel Cheng, Security-dev

Xiaohui Chen

Oct 19, 2020, 4:36:19 PM10/19/20
to Robert Sesek, Chris Palmer, Daniel Cheng, Security-dev
Thanks! I forgot to circle back: I have updated the README.md of the data decoder service.