From: Petteri Aimonen <jpa@git.mail.kapsi.fi>
Date: Mon, 6 Jun 2016 18:07:28 +0000 (+0300)
Subject: Clarify security model with regard to pointer _count fields.
X-Git-Tag: 5.0.2~186^2~67
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=ed8ac90bd162bdbe284f7679f7ba45fa13e22bd1;p=apps%2Fagl-service-can-low-level.git

Clarify security model with regard to pointer _count fields.
---

diff --git a/docs/security.rst b/docs/security.rst
index 2d0affc5..d8546122 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -38,8 +38,11 @@ these will cause "garbage in, garbage out" behaviour. It will not cause
 buffer overflows, information disclosure or other security problems:
 
 1. All data read from *pb_istream_t*.
-2. All fields in message structures, except callbacks, pointers and extensions.
-   (Beginning with nanopb-0.2.4, in earlier versions the field sizes are partially unchecked.)
+2. All fields in message structures, except:
+   
+   - callbacks (*pb_callback_t* structures)
+   - pointer fields (malloc support) and *_count* fields for pointers
+   - extensions (*pb_extension_t* structures)
 
 Invariants
 ==========