diff options
author | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2016-06-06 21:07:28 +0300 |
---|---|---|
committer | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2016-06-06 21:07:28 +0300 |
commit | ed8ac90bd162bdbe284f7679f7ba45fa13e22bd1 (patch) | |
tree | f140056079584ed52bfecbce76c84e29af989c8f | |
parent | bb52a7a3e1802a65e2347f3a7a48c6fb3bdc47e4 (diff) |
Clarify security model with regard to pointer _count fields.
-rw-r--r-- | docs/security.rst | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/security.rst b/docs/security.rst index 2d0affc5..d8546122 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -38,8 +38,11 @@ these will cause "garbage in, garbage out" behaviour. It will not cause buffer overflows, information disclosure or other security problems: 1. All data read from *pb_istream_t*. -2. All fields in message structures, except callbacks, pointers and extensions. - (Beginning with nanopb-0.2.4, in earlier versions the field sizes are partially unchecked.) +2. All fields in message structures, except: + + - callbacks (*pb_callback_t* structures) + - pointer fields (malloc support) and *_count* fields for pointers + - extensions (*pb_extension_t* structures) Invariants ========== |