[Security] Harden untrusted-input handling — remote-DoS guards, memory safety, injection defenses #148
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hardening of untrusted-input handling: a remote NULL-deref DoS guard, removal of banned string/allocation APIs on peer-controlled data, and input validation / injection defenses (JID, MAM, URL scheme, notifier, control-char/bidi).
Part of #144. Decision legend: M must-do, C could-do, W won't-do (this cycle); investigate = verify the problem is real / scope it before implementing.
Subtasks & findings
T02 — Remote NULL-deref DoS: guard jid_create(from) on receive paths
Owner: Either · Decision: M · Effort: ~0.5d
Confirmed remote crash; copy sibling guard + ASan test.
message.c:1749-1750; presence.c:397-402,453-454,468-470T10 — Memory safety in parsers/crypto (banned APIs, overflow-checked alloc)
Owner: Either · Decision: M · Effort: ~1–1.5d
Shared ox.c g_strdup_printf rewrite; overflow-checked allocations + NULL checks.
ox.c:153-156; omemo/crypto.c:479,483omemo.c:1440,455/475/492; http_upload.c:101-103ox.c:150-151T11 — Input validation & injection (JID tests, MAM gate, URL/scheme, notifier, bidi)
Owner: Either · Decision: M · Effort: ~3–4d · Investigate: investigate INP-05 (disco-gate) and INP-08 sanitizer scope
INP-08 control-char/bidi sanitizer dominates effort.
tests/unittests/xmpp/test_jid.cmessage.c:1536-1571 (stored :1409-1410)cmd_funcs.c:9633-9655,9678-9698ui/notifier.c:160ui/window.c:2024,2120; str_xml_sanitize skips U+202EChecklist
T02 — Remote NULL-deref DoS: guard jid_create(from) on receive paths
T10 — Memory safety in parsers/crypto (banned APIs, overflow-checked alloc)
T11 — Input validation & injection (JID tests, MAM gate, URL/scheme, notifier, bidi)
Notes