Randomness added to table length computation
A bad actor could fill only a few entries in a table (powers of two in decreasing order, see tests) and produce a small table with a huge length. If your program builds a table with external data and iterates over its length, this behavior could be an issue.
@@ -345,6 +345,18 @@ do
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
do print("testing attack on table length")
|
||||
local t = {}
|
||||
local lim = math.floor(math.log(math.maxinteger, 2)) - 1
|
||||
for i = lim, 0, -1 do
|
||||
t[2^i] = true
|
||||
end
|
||||
assert(t[1 << lim])
|
||||
-- next loop should not take forever
|
||||
for i = 1, #t do end
|
||||
end
|
||||
|
||||
local nofind = {}
|
||||
|
||||
|
||||
|
||||
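Review bot: the closing loop `for i = 1, #t do end` carries no assertion, so a regression in the length computation would show up only as a test run that hangs, not as a reported failure. Consider capturing `local n = #t` first and asserting an explicit upper bound on `n` before iterating (the acceptable bound is not stated in this commit, so it needs to come from the implementation), which turns "should not take forever" into a check that fails fast. It would also help to extend the comment to say that the keys are written as floats via `2^i` while `assert(t[1 << lim])` reads an integer key, since the test depends on those two forms naming the same entry.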