Re: [Cellar] Security considerations: recursive elements

[Michael Niedermayer <michael@niedermayer.cc>]

On Wed, Jan 17, 2018 at 12:33:17PM -0800, Michael Bradshaw wrote:
> The EBML and Matroska specs currently don't mention the possibility of a
> stack overflow due to deeply nested recursive elements. Currently, there's
> no limit on the recursion depth (unless I've overlooked it somewhere).
> 
> I think it would be worth adding to the security section of EBML that one
> type of attack on an EBML Reader could include deep element recursion.
> 

> Additionally, I would like to see what people think about potentially
> adding/suggesting an upper limit on recursion (either as a MUST or a MAY).
> This could also include a lower limit too. For example, something like "a
> parser SHOULD handle recursion up to X levels deep, and MAY abort the parse
> if it reaches Y levels deep".

If a limit is specified then theres a limit that every compliant parser
must support and which a compliant muxer can use.

If no such limit is specified then it is possible that in a system where
all parts are specification compliant and otherwise compatible it doesnt work.

So I think its more a question about what/when compatibility is guranteed
/ what compatibility we want the specification to gurantee
from that it follows if we need a limit in the specification/draft or not

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.