author    Petteri Aimonen <jpa@git.mail.kapsi.fi>  2016-06-06 21:07:28 +0300
committer Petteri Aimonen <jpa@git.mail.kapsi.fi>  2016-06-06 21:07:28 +0300
commit    ed8ac90bd162bdbe284f7679f7ba45fa13e22bd1 (patch)
tree      f140056079584ed52bfecbce76c84e29af989c8f
parent    bb52a7a3e1802a65e2347f3a7a48c6fb3bdc47e4 (diff)
Clarify security model with regard to pointer _count fields.
-rw-r--r--  docs/security.rst  7
1 file changed, 5 insertions, 2 deletions
diff --git a/docs/security.rst b/docs/security.rst
index 2d0affc5..d8546122 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -38,8 +38,11 @@ these will cause "garbage in, garbage out" behaviour. It will not cause
buffer overflows, information disclosure or other security problems:
1. All data read from *pb_istream_t*.
-2. All fields in message structures, except callbacks, pointers and extensions.
- (Beginning with nanopb-0.2.4, in earlier versions the field sizes are partially unchecked.)
+2. All fields in message structures, except:
+
+ - callbacks (*pb_callback_t* structures)
+ - pointer fields (malloc support) and *_count* fields for pointers
+ - extensions (*pb_extension_t* structures)
Invariants
==========
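Review bot: the new exclusion list under `+2. All fields in message structures, except:` names which struct fields are not validated by the decoder, but it no longer tells the reader what a wrong value in one of them can lead to, which is the security-relevant point for the newly added `*_count* fields for pointers` item; suggest a closing sentence after the bullets, e.g. "The application must ensure these fields hold valid values whenever the structure is passed back to the library, as the library does not check them." The removed line `(Beginning with nanopb-0.2.4, in earlier versions the field sizes are partially unchecked.)` is also dropped without replacement; if pre-0.2.4 releases are still in use, consider keeping that caveat (perhaps as a note below the list) so readers of the current document are not misled about older versions.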