Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
aaviator42 3 days ago

An argument for a better defined file format specification perhaps, but I don't think it's necessarily a good thing for everyone to use or have to use the same implementation.

socalgal2 3 days ago | parent | next [-]

As someone who works on specs that are shared across different organizations' implementations, you can write all the specs you want but no conformance tests = no conformance.

aaviator42 3 days ago | parent [-]

A good point! Conformance tests seem like a great idea to me to go along with specs.

Muromec 3 days ago | parent | prev [-]

If everyone has the same parser the whole classes of bugs just stop being exploitable. The classic one being one parser at the edge validates somethhing and the further down the line sees another result which it expects tp be rejected during validation.

Both parsers could be buggy, but when they have different kinds of bugs, you get a zero click undetectable exploit

woodruffw 3 days ago | parent | next [-]

I don’t think it’s this simple: you can still produce observable differentials with a single parser by using different options within that parser in different places. The ZIP format itself affords ample opportunities for that.

hinkley 2 days ago | parent [-]

The settings are at encode time. For two readers the results should be unambiguous.

woodruffw 2 days ago | parent [-]

There are plenty of decode-time knobs, even within a single ZIP parser. Here are just a few you could set while using libzip[1].

[1]: https://libzip.org/documentation/zip_open.html#DESCRIPTION

hinkley 2 days ago | parent [-]

That’s not a lot of settings, and that’s libzib, which is not zlib.

woodruffw 2 days ago | parent [-]

Differentials are oracular; you only need one bit. And I’m not claiming it’s in zlib, since zlib isn’t a ZIP library. TFA here is about ZIP differentials, not differentials in DEFLATE stream parsers.

aaviator42 3 days ago | parent | prev [-]

It significantly increases the attack surfaces of bugs that do exist in the parser if the same implementation is used everywhere.