[fpc-pascal] Remote FreePascal compile service, feedback requested
Mattias Gaertner
nc-gaertnma at netcologne.de
Tue Dec 6 16:12:07 CET 2005
On Tue, 06 Dec 2005 11:08:26 +0100
Vincent Snijders <vsnijders at quicknet.nl> wrote:
> Mattias Gaertner wrote:
> > On Mon, 5 Dec 2005 18:50:28 +0100 (CET)
> > Michael Van Canneyt <michael at freepascal.org> wrote:
> >
> >
> >>
> >>On Mon, 5 Dec 2005, L505 wrote:
> >>
> >>
> >>>Also, a simple macro could end up in a neverending loop and bring down
> >>>the server. Lots of other ways to make a compiler go nuts.
> >>
> >>The Free Pascal compiler checks for recursive expansion. If it goes over
> >>16, it stops.
> >>
> >>In case you prove otherwise, of course, we have a bug...
> >
> >
> > Here is my first fpc DOS attack:
> >
> > type
> > TMyClassA = class;
> >
> > TMyClassA = class(TMyClassA)
> > procedure DoSomething; override;
> > end;
>
> Reported as 4569:
> http://www.freepascal.org/bugs/showrec.php3?ID=4569
Thanks.
There are more such denial of service attack possibilities. But they don't
happen in serious Pascal code, so I don't think they should pollute the bug
list. The above is different, as the real bug is that fpc allows cycles and
it can happen by a single typo.

Other potential denial of service attacks:

Concatenation of string constants needs O(n^2).
s=' ... string ...'
+' ... string ...'
... one thousand concatenations ...
;
Include directives
FPC allows a maximum depth of 16 levels. That means a single include file
can create valid n^15 include directives.
// fpc has a built-in maximum of include files depth 16
// this can be used for a denial of service attack:
{$IFNDEF DOSStarted}
{$DEFINE DOSStarted}
{$DEFINE Level1}
{$I denialofservice.inc}
{$ELSE}
{$IFDEF Level3}{$UNDEF Level3}{$DEFINE Level4}{$NOTE Level 4}{$ENDIF}
{$IFDEF Level2}{$UNDEF Level2}{$DEFINE Level3}{$NOTE Level 3}{$ENDIF}
{$IFDEF Level1}{$UNDEF Level1}{$DEFINE Level2}{$NOTE Level 2}{$ENDIF}
{$IFNDEF Level4} // increase this till 15
// include n-times
{$I denialofservice.inc}
{$I denialofservice.inc}
{$ENDIF}
{$IFDEF Level1}{$UNDEF Level1}{$NOTE Level 0}{$ENDIF}
{$IFDEF Level2}{$UNDEF Level2}{$DEFINE Level1}{$NOTE Level1}{$ENDIF}
{$IFDEF Level3}{$UNDEF Level3}{$DEFINE Level2}{$NOTE Level2}{$ENDIF}
{$IFDEF Level4}{$UNDEF Level4}{$DEFINE Level3}{$NOTE Level3}{$ENDIF}
{$ENDIF}
> Maybe the test program can be added to the testsuite. ;-)
Mattias
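
[Added example, not part of the original message or of the FPC project.] One way a compile service can bound inputs like the ones above is to run each compiler invocation under kernel resource limits plus a wall-clock timeout. The sketch assumes a POSIX host; the budget values, the function names and the `fpc` command line at the bottom are assumptions.

```python
import resource
import subprocess
import sys
import tempfile

# Illustrative budgets (assumptions, not values from the thread).
CPU_SECONDS = 10          # CPU time before the kernel kills the job
WALL_SECONDS = 30         # wall-clock cap, catches jobs that block or sleep
MEM_BYTES = 512 * 2**20   # address-space cap
OUT_BYTES = 16 * 2**20    # largest file (including the captured log) it may write


def _cap(kind, wanted):
    """Lower one rlimit to `wanted`, never above the inherited hard limit."""
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        wanted = min(wanted, hard)
    resource.setrlimit(kind, (wanted, wanted))


def run_limited(argv, cpu=CPU_SECONDS, wall=WALL_SECONDS,
                mem=MEM_BYTES, out=OUT_BYTES, cwd=None):
    """Run argv under resource limits; return (status, returncode, output)."""
    def limits():  # runs in the child between fork() and exec()
        _cap(resource.RLIMIT_CPU, cpu)
        _cap(resource.RLIMIT_FSIZE, out)
        _cap(resource.RLIMIT_CORE, 0)
        _cap(resource.RLIMIT_AS, mem)  # last: only exec() follows it
    # Output goes to a file, so RLIMIT_FSIZE also bounds a flood of messages.
    with tempfile.TemporaryFile() as log:
        try:
            p = subprocess.run(argv, cwd=cwd, preexec_fn=limits, timeout=wall,
                               stdin=subprocess.DEVNULL, stdout=log,
                               stderr=subprocess.STDOUT)
        except subprocess.TimeoutExpired:
            return ("wall-timeout", None, b"")
        log.seek(0)
        output = log.read()
    if p.returncode < 0:  # terminated by a signal (CPU or file-size limit)
        return ("killed", p.returncode, output)
    return ("ok" if p.returncode == 0 else "failed", p.returncode, output)


if __name__ == "__main__":
    # Usage: python limited_compile.py unit.pas  (assumes fpc is on PATH)
    status, code, _ = run_limited(["fpc", sys.argv[1]])
    print(status, code)
```

The limits are per process and are inherited by anything the compiler spawns, but the wall-clock timeout only kills the direct child. A service would additionally run each job in its own process group, container or cgroup.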