about summary refs log tree commit diff
path: root/users/Profpatsch/netencode/README.md (follow)
AgeCommit message (Collapse)AuthorFilesLines
2023-07-14 r/6424 fix(netencode/README): fix the example of ignored fieldsProfpatsch1-1/+1
Forgot this example when I changed the spec to ignore earlier duplicated fields. Change-Id: I9bc8d3e27201afd0d256aa4771b6420059fc68a7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8949 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-07-01 r/4270 docs(users/Profpatsch/netencode): Parser security considerationsProfpatsch1-0/+18
Netencode parsers should probably set an upper length limit. Change-Id: Ibe65f2b59058106b720867a83435bf45660f1adf Reviewed-on: https://cl.tvl.fyi/c/depot/+/5908 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-02-14 r/3822 feat(users/Profpatsch/netencode): ignore earlier record entriesProfpatsch1-1/+5
It turns out that the netencode spec requiring to ignore *later* entries meant that every parser has to do an extra check for each element, instead of just overriding the key in the hash map. This leads to a situation where the simple implementation is the wrong one, which would lead to very subtle problems in parsers (see also the infamous “json duplicate record entry” problem which has been used for various exploits in the past). To be fair, exploits are still possible, but at least a `Map.fromList` will be the right implementation (provided it folds from the left) now instead of the wrong one. Examples of the trivial implementation being now right: Python: > dict([("foo", 1), ("foo", 2)]) {'foo': 2} Rust: > println!("{:?}", HashMap::from([ ("foo", 1), ("foo", 2) ])); {"foo": 2} Haskell: > Data.Map.fromList [ ("foo", 1), ("foo", 2) ] fromList [("foo",2)] Change-Id: Ife9593956f4718e5e720f4f348c227e4f3a71e2d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5108 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: Profpatsch <mail@profpatsch.de>
2021-11-13 r/3051 docs(users/Profpatsch/netencode): fix typoProfpatsch1-1/+1
Change-Id: I7edb9027c0a9eb014931033760be5f3d6e734b8a Reviewed-on: https://cl.tvl.fyi/c/depot/+/3845 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-01-23 r/2139 feat(users/Profpatsch/netencode): rename spec -> READMEProfpatsch1-0/+111
Change-Id: I0afda1c3705b8789cf6a0c57f7b74d005deb4ff5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2433 Reviewed-by: Profpatsch <mail@profpatsch.de> Tested-by: BuildkiteCI
generated by cgit-pink 1.4.1 (git 2.44.0) at 2024-04-25T05·44+0000