RFC 1950/Inflator feedback needed
13 views
Skip to first unread message
Jeffrey Walton
May 10, 2017, 6:32:58 PM5/10/17
to Crypto++ Users
Hi Everyone,
We started fuzzing some of the reverse transformations, like Decryptors, Gunzip and Inflator. Inflator generated a finding at https://github.com/weidai11/cryptopp/issues/414. Our fix was to throw if the index looked bad. Also see https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e.
I know the fix avoids the error. The problem is, we may have hit with a sledge hammer when all we needed was some delicacy. Unfortunately, I don't know compressors and decompressors that well, so I'm not in a position to say.
My question is, is it possible to recover from the error? Can we size the tree table larger so that it can accommodate a 31-bit bit distance? Any Pull Requests?
Jeff
We started fuzzing some of the reverse transformations, like Decryptors, Gunzip and Inflator. Inflator generated a finding at https://github.com/weidai11/cryptopp/issues/414. Our fix was to throw if the index looked bad. Also see https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e.
I know the fix avoids the error. The problem is, we may have hit with a sledge hammer when all we needed was some delicacy. Unfortunately, I don't know compressors and decompressors that well, so I'm not in a position to say.
My question is, is it possible to recover from the error? Can we size the tree table larger so that it can accommodate a 31-bit bit distance? Any Pull Requests?
Jeff
Reply all
Reply to author
Forward
0 new messages