Prevent candid space bombs

Open nomeata opened this issue 2 years ago • 2 comments

The Candid spec has been updated (https://togithub.com/dfinity/candid/issues/434) and now the test suite no longer passes (https://github.com/dfinity/motoko/pull/4013). Someone needs to update Motoko.

This needs a new counter during decoding. We don't actually need a predicate for “zero size type”, it should suffice (and be simpler) to notice when the buffer pointer did not get moved.

This also needs to happen in the skipping code in the Rust RTS, I believe. I ought to double-check if the spec is clear about that and whether the test suite covers both variants (space bomb in ignored and not-ignored parts of the message).

Candid spec compliance is presumably kinda important, if only because it looks odd if not; so maybe worth putting on the internal JIRA?

nomeata, Jun 01 '23 05:06

The test suite covers both the skipped case and non-skipped case. The spec says to check the length on the wire, not on the expected type.

chenyan-dfinity, Jun 01 '23 16:06
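Added example, not code from the Motoko or Candid repositories: the counter from the issue description (count an element whenever the buffer pointer did not move), applied while skipping a value by the type found on the wire, as the reply above describes. It covers `null`, `nat8` and `vec` values only; `Ty`, `Reader`, `skip_value` and the value of `ZERO_PROGRESS_LIMIT` are assumptions made for this illustration.

```rust
// Added illustration, not Motoko RTS code; every name and the limit are assumptions.
const ZERO_PROGRESS_LIMIT: u64 = 2_000_000; // assumed per-message budget
pub enum Ty { Null, Nat8, Vec(Box<Ty>) }
pub struct Reader<'a> { buf: &'a [u8], pos: usize, zero_progress: u64 }

impl<'a> Reader<'a> {
    pub fn new(buf: &'a [u8]) -> Self { Reader { buf, pos: 0, zero_progress: 0 } }

    fn byte(&mut self) -> Result<u8, &'static str> {
        let b = *self.buf.get(self.pos).ok_or("unexpected end of input")?;
        self.pos += 1;
        Ok(b)
    }

    // Unsigned LEB128: a 5-byte length can announce 2^32 - 1 elements.
    fn leb128(&mut self) -> Result<u64, &'static str> {
        let (mut n, mut shift) = (0u64, 0u32);
        loop {
            let b = self.byte()?;
            if shift >= 64 || (shift == 63 && (b & 0x7e) != 0) { return Err("LEB128 overflow"); }
            n |= u64::from(b & 0x7f) << shift;
            if (b & 0x80) == 0 { return Ok(n); }
            shift += 7;
        }
    }

    // Skip one value, walking the type given on the wire without allocating.
    pub fn skip_value(&mut self, ty: &Ty) -> Result<(), &'static str> {
        match ty {
            Ty::Null => Ok(()), // zero bytes on the wire
            Ty::Nat8 => self.byte().map(|_| ()),
            Ty::Vec(elem) => {
                for _ in 0..self.leb128()? {
                    let before = self.pos;
                    self.skip_value(elem)?;
                    // No "zero-size type" predicate: the pointer did not move.
                    if self.pos == before { self.zero_progress += 1; }
                    if self.zero_progress > ZERO_PROGRESS_LIMIT { return Err("too many zero-size values"); }
                }
                Ok(())
            }
        }
    }
}

fn main() {
    let bomb = [0xff, 0xff, 0xff, 0xff, 0x0f]; // constructed: vec null, length 2^32 - 1
    println!("{:?}", Reader::new(&bomb).skip_value(&Ty::Vec(Box::new(Ty::Null))));
}
```

The counter lives on the reader rather than in each `vec` loop, so several medium-sized zero-size vectors in one message draw from the same budget.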

Sorry, I never noticed this issue. Will take a look soonish.

crusso, Jul 04 '23 10:07