apps/agl-service-can-low-level.git / commitdiff
(parent: bb52a7a)
Clarify security model with regard to pointer _count fields.
author: Petteri Aimonen <jpa@git.mail.kapsi.fi>, Mon, 6 Jun 2016 18:07:28 +0000 (21:07 +0300)
committer: Petteri Aimonen <jpa@git.mail.kapsi.fi>, Mon, 6 Jun 2016 18:07:28 +0000 (21:07 +0300)
docs/security.rst
diff --git
a/docs/security.rst
b/docs/security.rst
index
2d0affc
..
d854612
100644
(file)
--- a/
docs/security.rst
+++ b/
docs/security.rst
@@
-38,8
+38,11
@@
these will cause "garbage in, garbage out" behaviour. It will not cause
buffer overflows, information disclosure or other security problems:
1. All data read from *pb_istream_t*.
buffer overflows, information disclosure or other security problems:
1. All data read from *pb_istream_t*.
-2. All fields in message structures, except callbacks, pointers and extensions.
- (Beginning with nanopb-0.2.4, in earlier versions the field sizes are partially unchecked.)
+2. All fields in message structures, except:
+
+ - callbacks (*pb_callback_t* structures)
+ - pointer fields (malloc support) and *_count* fields for pointers
+ - extensions (*pb_extension_t* structures)
Invariants
==========
Invariants
==========
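Review bot: The rewritten item 2 drops the parenthetical "(Beginning with nanopb-0.2.4, in earlier versions the field sizes are partially unchecked.)" with no replacement. If that caveat still applies to readers on older releases, keep it after the new sub-list, or say in the commit message why it is no longer needed. The new bullet "pointer fields (malloc support) and *_count* fields for pointers" also names the exception without saying what the application has to guarantee about those fields before passing the structure in. One sentence stating that requirement would make the list usable as a checklist, and the same applies to the callback and extension bullets.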