View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009058 | 10000-006: Mappings | Spec | public | 2023-07-26 15:44 | 2024-03-21 21:42 |
| Reporter | Martin Regen | Assigned To | Randy Armstrong | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.05.01 | ||||
| Fixed in Version | 1.05.04 RC1 | ||||
| Summary | 0009058: Recursion in DiagnosticInfo/InnerDiagnosticInfo should be limited to lower number than 100 | ||||
| Description | Due to the recursion in DiagnosticInfo it is possible across the board to run into recursion/stack overflow issues aka possible DoS attacks. The encoder/decoder should limit the recursion to a low reasonable number, e.g. 2 or 3, 5 was also suggested. see https://reference.opcfoundation.org/Core/Part6/v105/docs/5.2.2.12 DiagnosticInfo allows unlimited nesting which could result in stack overflow errors even if the message size is less than the maximum allowed. Decoders shall support at least 100 nesting levels. Decoders shall report an error if the number of nesting levels exceeds what it supports. The V1.04 spec does not mention a limit, it needs an update too. | ||||
| Steps To Reproduce | In a sample app create a DiagnosticInfo which points to itself in the InnerDiagnosticInfo and encode/decode. | ||||
| Tags | No tags attached. | ||||
| Commit Version | 1.05.04 RC | ||||
| Fix Due Date | 2023-10-31 | ||||
|
|
Fixed in 1.05.04 draft 1 and Errata 1.04 DiagnosticInfo allows unlimited nesting which could result in stack overflow errors even if the message size is less than the maximum allowed. Decoders shall support at least 100 4 nesting levels and should support no more than 10. Decoders shall report an error if the number of nesting levels exceeds what it supports.13. |
|
|
Agreed to changes edited in Dallas F2F. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-07-26 15:44 | Martin Regen | New Issue | |
| 2023-08-01 16:03 | Jim Luth | Assigned To | => Randy Armstrong |
| 2023-08-01 16:03 | Jim Luth | Status | new => assigned |
| 2023-08-01 16:04 | Jim Luth | Commit Version | => 1.05.04 RC |
| 2023-08-01 16:04 | Jim Luth | Fix Due Date | => 2023-11-01 |
| 2023-10-17 06:26 | Randy Armstrong | Status | assigned => resolved |
| 2023-10-17 06:26 | Randy Armstrong | Resolution | open => fixed |
| 2023-10-17 06:26 | Randy Armstrong | Note Added: 0020195 | |
| 2023-10-17 06:47 | Randy Armstrong | Fixed in Version | => 1.05.04 RC1 |
| 2023-10-17 06:47 | Randy Armstrong | Fix Due Date | 2023-11-01 => 2023-10-31 |
| 2024-03-21 21:42 | Jim Luth | Status | resolved => closed |
| 2024-03-21 21:42 | Jim Luth | Note Added: 0020999 |
