Export (0) Print
Expand All

4 Security Considerations

Some of the structures contain fields that specify size information of the data in the serialization stream. The type of the size that specifies fields is INT32 (as specified in [MS-DTYP] section 2.2.22). The maximum value of these values can be as high as 0x7FFFFFFF. An implementation that consumes the stream should either not allocate memory based on the size information specified in the serialization stream, or ensure that the data in the serialization stream can be trusted.

The following table lists the structures with fields that specify size information.

Type

Field

Description

LengthPrefixedString

Length

Size of the string

ArrayOfValueWithCode

Length

Size of the Array

ClassInfo

MemberCount

Number of Members

ArrayInfo

Length

Size of the Array

BinaryArray

Rank

Size of the Lengths and LowerBounds Arrays

BinaryArray

Lengths

Size of each dimension that would affect the net size of the Array

ObjectNullMultiple

NullCount

Number of Null Objects

De-serialization of the serialization stream results in creating instances of Remoting Types whose information is provided in the serialization stream. It may be unsafe to create an instance of Remoting Types. An implementation should protect against attacks where the serialization stream includes the unsafe Remoting Types. Such attacks can be mitigated by allowing the higher layer to configure a list of Remoting Types in an implementation-specific way and disallow de-serialization of any Remoting Type that is not in the list.

 
Show:
© 2014 Microsoft