Subject: Re: [PATCH] Set DEMANGLE_RECURSION_LIMIT to 1536
From: Nick Clifton
To: David Malcolm, Michael Matz
Cc: Ian Lance Taylor, H.J. Lu, Pedro Alves, Richard Guenther, Jakub Jelinek, sgayou@redhat.com, Tom Tromey, GCC Patches, Binutils, Jason Merrill
Date: Mon, 10 Dec 2018 15:31:00 -0000
Message-ID: <5ed84666-9081-2bd5-bb82-24093a4b1f71@redhat.com>
In-Reply-To: <1544455085.4619.179.camel@redhat.com>

Hi David,

> Apologies in advance if this has been covered, as I've only been
> half-watching this thread, but is it always the case that the recursion
> depth can be bounded by some scalar multiple of the number of
> characters in the name?

Probably, but the point of this patch is to add a fixed limit that prevents too much recursion from being performed. The CVEs that I have been trying to fix have been using mangled names with 20K-30K characters in them, so creating a recursion limit based on the length of the input would not prevent the stack exhaustion. :-(

My hope is that we can choose a value that will allow any realistic mangled name to be decoded, but which will prevent these fuzzers from generating arbitrary length strings which exhaust the machine's resources.

Cheers
Nick
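As an added illustration of the approach Nick describes (a fixed depth counter that refuses further recursion, rather than a bound derived from the input length), here is a toy recursive-descent parser in C. It is not libiberty's demangler code: the grammar (nested 'N'...'E' groups around a single 'x'), the struct and function names, and the generated inputs are all constructed for this example; only the limit value 1536 comes from the patch under discussion.

```c
#include <stddef.h>
#include <string.h>

/* Fixed limit, the value the patch proposes.  The real demangler grammar is
   far larger; this toy grammar is constructed purely to show the mechanism. */
#define DEMANGLE_RECURSION_LIMIT 1536

struct d_info {
    const char *p;          /* current position in the mangled name */
    const char *end;        /* one past the last character */
    unsigned int recursion; /* current nesting depth */
    int too_deep;           /* set once the limit was reached */
};

/* <item> ::= 'N' <item>* 'E' | 'x'.  Returns 1 on success, 0 on failure. */
static int parse_item(struct d_info *di)
{
    if (di->p >= di->end) return 0;
    if (*di->p == 'x') { di->p++; return 1; }
    if (*di->p != 'N') return 0;
    /* Each nested group costs one stack frame: stop at the fixed limit
       instead of letting a long fuzzed name drive the stack to exhaustion. */
    if (++di->recursion > DEMANGLE_RECURSION_LIMIT) { di->too_deep = 1; return 0; }
    di->p++;
    while (di->p < di->end && *di->p != 'E')
        if (!parse_item(di)) return 0;
    if (di->p >= di->end) return 0;   /* unterminated group */
    di->p++;
    di->recursion--;
    return 1;
}

/* 1 = well-formed, 0 = malformed, -1 = rejected for exceeding the limit. */
int check_name(const char *name)
{
    struct d_info di = { name, name + strlen(name), 0, 0 };
    int ok = parse_item(&di) && di.p == di.end;
    if (di.too_deep) return -1;
    return ok ? 1 : 0;
}

/* Constructed input: `depth` nested groups around one 'x'; buf needs
   2*depth + 2 bytes.  A 15000-deep name is ~30K characters, the size range
   the message mentions, and is rejected long before the stack runs out. */
void make_nested(char *buf, size_t depth)
{
    memset(buf, 'N', depth);
    buf[depth] = 'x';
    memset(buf + depth + 1, 'E', depth);
    buf[2 * depth + 1] = '\0';
}
```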