[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
From: Yann Collet <yann.collet.73@xxxxxxxxx>
Date: Wed, 25 Sep 2013 10:06:29 +0200
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
Delivery-date: Wed, 25 Sep 2013 11:55:30 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

There are 2 families of decoding functions within LZ4 :

1) LZ4_decompress_fast* : These decoding functions must be used with trusted sources only. They only guarantee that they will write exactly the size of output buffer, but cannot guarantee anything regarding input buffer, since its size is unknown. (by the way, the amount of bytes read into input buffer is the result of the function).

2) LZ4_decompress_safe* : These decoding functions are protected against malicious input. It resists fuzzer attack. This is the recommended choice for "general decompression usage".

Looking at the kernel code, at

https://github.com/torvalds/linux/blob/master/lib/lz4/lz4_decompress.c

the naming seems different, but both variants are still there :

lz4_decompress is the equivalent of LZ4_decompress_fast.

lz4_decompress_unknownoutputsize is the equivalent of LZ4_decompress_safe.

I would recommend to use the second one for untrusted sources.

Regards

2013/9/25 Ian Campbell <Ian.Campbell@xxxxxxxxxx>

On Tue, 2013-09-24 at 21:55 +0200, Yann Collet wrote:
> Consequently, a compressed-block of size 0 is not supposed to exist
> (break format).

Unfortunately an attacker is free to break the format. The question is
what will the decoder do when faced with such invalid inputs?

It seems like such concerns were not considered at all during
implementation? (which is fair enough, since the data stream is
implicitly trusted in the original target use case)

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 0/2] add LZ4 kernel decompression support
  - From: Jan Beulich
- [Xen-devel] [PATCH 2/2] libxc: add LZ4 decompression support
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 2/2] libxc: add LZ4 decompression support
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH 2/2] libxc: add LZ4 decompression support
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 2/2] libxc: add LZ4 decompression support
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH 2/2] libxc: add LZ4 decompression support
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH 2/2] libxc: add LZ4 decompression support
  - From: Jan Beulich
- [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
  - From: Yann Collet
- Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
  - From: Ian Campbell

Prev by Date: Re: [Xen-devel] How does credit_2 scheduler weighting work?
Next by Date: Re: [Xen-devel] [PATCH 17/28] libxl: gettimeofday doesn't return an errno on failure
Previous by thread: Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
Next by thread: Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.