IETF Logo Mail Archive

Re: [Cellar] Security considerations: recursive elements

Dave Rice <dave@dericed.com> Thu, 18 January 2018 14:27 UTC

Return-Path: <dave@dericed.com>
X-Original-To: cellar@ietfa.amsl.com
Delivered-To: cellar@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B81F0126E3A for <cellar@ietfa.amsl.com>; Thu, 18 Jan 2018 06:27:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zsRgah0YV6UY for <cellar@ietfa.amsl.com>; Thu, 18 Jan 2018 06:27:04 -0800 (PST)
Received: from server172-2.web-hosting.com (server172-2.web-hosting.com [68.65.122.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C5071205D3 for <cellar@ietf.org>; Thu, 18 Jan 2018 06:27:04 -0800 (PST)
Received: from [146.96.19.240] (port=21438 helo=[10.10.201.39]) by server172.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from <dave@dericed.com>) id 1ecB9f-0004T4-Cq; Thu, 18 Jan 2018 09:27:03 -0500
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Dave Rice <dave@dericed.com>
X-Priority: 3
In-Reply-To: <r470Ps-10116i-C973C40609B34F82856AB808D23D028C@castor.home>
Date: Thu, 18 Jan 2018 09:26:57 -0500
Cc: Codec Encoding for LossLess Archiving and Realtime transmission <cellar@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8F278A6D-2EBC-4A8E-9C55-22E2E1230768@dericed.com>
References: <r470Ps-10116i-C973C40609B34F82856AB808D23D028C@castor.home>
To: Reto Kromer <lists@reto.ch>
X-Mailer: Apple Mail (2.3273)
X-OutGoing-Spam-Status: No, score=-2.9
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server172.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - dericed.com
X-Get-Message-Sender-Via: server172.web-hosting.com: authenticated_id: dave@dericed.com
X-Authenticated-Sender: server172.web-hosting.com: dave@dericed.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/QZ_NRmNVVgpxY4Nnz7h2sBWu95k>
Subject: Re: [Cellar] Security considerations: recursive elements
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2018 14:27:06 -0000

> On Jan 18, 2018, at 3:22 AM, Reto Kromer <lists@reto.ch> wrote:
> 
> Michael Bradshaw wrote:
> 
>> Setting a maximum
>> let's muxers know that if they exceed it, they run the risk of
>> making a file that some readers can't (fully) play.
> 
> Sorry, I do not support the idea of fixing a maximum value here,
> because, in my opinion, it's an useless limitation.

Since Matroska uses an EBMLMaxSizeLength of 8, then after reserving space for the other required elements, then it’s feasible to have a valid Matroska file with a recursive Chapter Atom Element to the depth of 36,028,797,018,963,944. But Chapter Atom recursion to 36,028,797,018,963,945 is not possible in Matroska (maybe try another container for this requirement).
Dave Rice

v2.23.0 | Report a Bug | By Email