Are protocol buffers hardened?


JoelKatz

May 3, 2012, 6:31:04 PM
to prot...@googlegroups.com
I've been searching for information about protocol buffers and security or hardening and cannot seem to find anything. Assuming I have an appropriate container protocol and have what purports to be a protocol buffer structure, can I safely decode it? Has the protocol been designed to withstand maliciously-constructed data and does the implementation protect against that? I cannot find any documentation suggesting that protocol buffers are safe to use between applications that do not trust each other. Is the protocol buffers implementation safe from things like buffer overflow and memory exhaustion attacks? (The encapsulation protocol protects against overly-long objects, but that's about all it can do.)

JK

Jason Hsueh

May 3, 2012, 6:59:49 PM
to JoelKatz, prot...@googlegroups.com
There was a review specifically for security issues before the code was released. For at least the C++ and Java implementations, there are various safeguards to protect against corrupt or malicious data. There are limits on the overall message size provided by the protobuf library as well (CodedInputStream::SetTotalBytesLimit); it also provides a recursion limit to prevent deeply nested messages from blowing the stack. There are other internal implementation details to avoid things like memory exhaustion (most specifically from receiving messages that indicate a huge length-delimited value).

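An added illustration of the three safeguards named in the reply above (a total size limit, a recursion limit, and checking a declared length before trusting it), written as a small stand-alone walker for the protobuf wire format. It is not code from the protobuf library or from either poster; `parse`, the `nested` set standing in for a schema, the default limit values and the sample bytes are assumptions made for this example.

```python
class DecodeError(ValueError):
    """Raised for input the decoder refuses to process."""

def read_varint(buf, pos):
    result = shift = 0
    while True:
        if shift >= 70:                      # a 64-bit varint is at most 10 bytes
            raise DecodeError("varint too long")
        if pos >= len(buf):
            raise DecodeError("truncated varint")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def parse(buf, nested=frozenset(), total_limit=64 << 20, depth_limit=100, depth=0):
    """Return [(field_number, value)]; field numbers in `nested` are sub-messages."""
    if len(buf) > total_limit:
        raise DecodeError("message exceeds total byte limit")
    if depth > depth_limit:
        raise DecodeError("nesting exceeds recursion limit")
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 7
        if wire_type == 0:                   # varint
            value, pos = read_varint(buf, pos)
        elif wire_type in (1, 5):            # fixed64 / fixed32
            size = 8 if wire_type == 1 else 4
            if size > len(buf) - pos:
                raise DecodeError("truncated fixed-width field")
            value, pos = buf[pos:pos + size], pos + size
        elif wire_type == 2:                 # length-delimited
            length, pos = read_varint(buf, pos)
            if length > len(buf) - pos:      # check the claim before slicing or allocating
                raise DecodeError("declared length exceeds remaining input")
            value, pos = buf[pos:pos + length], pos + length
            if number in nested:
                value = parse(value, nested, total_limit, depth_limit, depth + 1)
        else:
            raise DecodeError("unsupported wire type %d" % wire_type)
        fields.append((number, value))
    return fields

# Constructed inputs: field 2 claims a 4 GiB payload but carries 3 bytes; a well-formed message.
HOSTILE = b"\x12\xff\xff\xff\xff\x0fabc"
BENIGN = b"\x08\x96\x01\x12\x02hi"
```

The length check compares the declared size with the bytes actually present, so a six-byte message cannot make the decoder reserve gigabytes.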