Steffen Nurpmeso wrote in
 <20250130205056.3vIwoke8@steffen%sdaoden.eu>:
 |John Levine wrote in
 | <20250130180421.7c392ba8f...@ary.qy>:
 ||It appears that Jim Fenton <fen...@bluepopcorn.net> said:
 ...
 ||>otherwise you don't know that the mutation doesn't contain harmful/unwanted
 ||>content (barring some magic AI thing perhaps).
 ||
 ||I think the idea is that malicious mutations are likely to be rare,
 ...
 |- first the header is decompressed, and "verified"
 | (patch_parse_header()); thereafter you know about "sane values"
 | there, and that the result will fit in the ~31-bit memory limit,
 |
 |-- (For email you could, if you drive it directly, ensure some
 | upper memory limit, i.e., one that relates to your allowed maximum
 | email size, by looking at the content of the parsed header, likely
 | s_bsdipa_header::h_before_len thus); hmm, maybe the perl module
 | should offer the possibility to specify an optional limit!)

I tell you what, I have added s_bsdipa_patch_ctx::pc_max_allowed_restored_len
so that the memory size of the restored data can be constrained.
Also in the perl module, of course (the unit test is only through it).
Just pushed.

 |- next the decompressed data is parsed with patch(), which
 | verifies each and every step (the original FreeBSD variant still has
 | a security attack vector .. I then created issue 284472 for
 | that) in order to avoid bad memory accesses etc.
 |
 |So then you have the restored content, whatever that is.
 |If DKIM signature verification on that restored data is
 |successful, there is nothing that can be done about that.
 ...

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|
|In Fall and Winter, feel "The Dropbear Bard"s pint(er).
|
|The banded bear
|without a care,
|Banged on himself for e'er and e'er
|
|Farewell, dear collar bear

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
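As an added illustration (not code from this thread or from s_bsdipa; the header layout, field names and function names are constructed for the example), a C sketch of the check the quoted text describes: parse the patch header, reject any length beyond the ~31-bit memory limit, and apply an optional caller-supplied cap on the restored length, all before anything is allocated.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed header layout for this example (NOT s_bsdipa's real format):
 * three little-endian uint64 fields, bsdiff-style: control block length,
 * diff block length, and the length of the restored ("after") data. */
#define HDR_LEN 24
/* The thread's "~31-bit memory limit": no length may exceed this. */
#define MEM_LIMIT_31BIT 0x7FFFFFFFULL

enum hdr_status { HDR_OK = 0, HDR_SHORT, HDR_TOO_LARGE, HDR_OVER_MAX_ALLOWED };
struct patch_hdr { uint64_t ctrl_len, diff_len, after_len; };

static uint64_t rd_le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; --i) v = (v << 8) | p[i];
    return v;
}

static void wr_le64(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; ++i) p[i] = (uint8_t)(v >> (8 * i));
}

/* Parse and sanity-check a header before any allocation happens.
 * max_allowed_restored_len is the caller's cap (e.g. the largest message the
 * mail receiver accepts); 0 means only the built-in memory limit applies. */
enum hdr_status parse_header(const uint8_t *buf, size_t len,
                             uint64_t max_allowed_restored_len,
                             struct patch_hdr *out) {
    if (len < HDR_LEN) return HDR_SHORT;
    struct patch_hdr h = { rd_le64(buf), rd_le64(buf + 8), rd_le64(buf + 16) };
    /* Check each field against the limit first so the sum cannot wrap. */
    if (h.ctrl_len > MEM_LIMIT_31BIT || h.diff_len > MEM_LIMIT_31BIT ||
        h.after_len > MEM_LIMIT_31BIT) return HDR_TOO_LARGE;
    if (h.ctrl_len + h.diff_len > MEM_LIMIT_31BIT) return HDR_TOO_LARGE;
    /* The optional caller cap bounds the restored data, not the patch itself. */
    if (max_allowed_restored_len != 0 && h.after_len > max_allowed_restored_len)
        return HDR_OVER_MAX_ALLOWED;
    if (out) *out = h;
    return HDR_OK;
}

/* Convenience: encode a constructed header with the given lengths and run it
 * through parse_header(), returning the verdict. */
enum hdr_status check_lengths(uint64_t ctrl, uint64_t diff, uint64_t after,
                              uint64_t max_allowed_restored_len) {
    uint8_t buf[HDR_LEN];
    wr_le64(buf, ctrl); wr_le64(buf + 8, diff); wr_le64(buf + 16, after);
    return parse_header(buf, sizeof buf, max_allowed_restored_len, NULL);
}
```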