[vorbis-dev] Will Vorbis happily decode packets with random data?
MC Spanky
mcspanky at mac.com
Wed Aug 8 10:39:44 PDT 2001
On Wed, 8 Aug 2001 volsung at asu.edu wrote:
> On Wed, 8 Aug 2001, Martin C. Martin wrote:
>
> If you are assuming that the decoder has no buffer overflow bugs, then you
> don't need to scan at all.

Not quite. UT has its own scripting language, UnrealScript, which has
a sandbox not unlike Java. However, there may be a couple holes in the
sandbox which allow a small amount of manipulation of the file system.
Not enough to write an arbitrary file to the disk, but enough to execute
an existing file.

If I add the ability to download arbitrary files (i.e. no scanning),
then some "rogue" piece of UnrealScript could use this to download a
win32 executable and run it.

The only missing piece of the puzzle is how the "rogue" UnrealScript
gets onto a user's computer in the first place. I'm looking into that
too. There are conditions under which your client will automatically
download UnrealScript, if the server says it's needed for a game, but
you don't have it. But there are limitations on it, and I don't know if
they can be worked around.

So, it's not the output of the vorbis decoder I'm worried about; it's
storing the vorbis file on the hard drive, if it's not really a vorbis
file at all.

- Martin
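
Added example, not part of the original message and not code from libvorbis or UT: a pre-store check of the kind the "scanning" above refers to, which accepts a download only if it consists entirely of CRC-valid Ogg pages and its first page carries a Vorbis identification header. The function names and the sample bytes are constructed for illustration.

```python
import struct

def ogg_crc(data: bytes) -> int:
    """Ogg page CRC: poly 0x04C11DB7, init 0, MSB-first, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = (crc << 1) ^ (0x04C11DB7 if crc & 0x80000000 else 0)
            crc &= 0xFFFFFFFF
    return crc

def looks_like_ogg_vorbis(buf: bytes) -> bool:
    """Accept only a buffer made up entirely of CRC-valid Ogg pages whose
    first page holds a Vorbis identification header."""
    pos, seen_first = 0, False
    while pos < len(buf):
        # Fixed 27-byte page header: capture pattern, then stream version 0.
        if len(buf) - pos < 27 or buf[pos:pos + 4] != b"OggS" or buf[pos + 4]:
            return False
        nsegs = buf[pos + 26]
        body_at = pos + 27 + nsegs
        end = body_at + sum(buf[pos + 27:body_at])
        if body_at > len(buf) or end > len(buf):
            return False  # truncated segment table or body
        page = buf[pos:end]
        # The checksum covers the whole page with the CRC field zeroed.
        (stored,) = struct.unpack_from("<I", page, 22)
        if ogg_crc(page[:22] + b"\0\0\0\0" + page[26:]) != stored:
            return False
        if not seen_first:
            body = buf[body_at:end]
            # Beginning-of-stream flag, packet type 1, "vorbis", version 0.
            if not page[5] & 0x02 or body[:11] != b"\x01vorbis\0\0\0\0":
                return False
            seen_first = True
        pos = end
    return seen_first

def make_page(body: bytes, flags: int, seq: int) -> bytes:
    """Build one constructed Ogg page (body under 255 bytes) for the demo."""
    hdr = b"OggS" + struct.pack("<BBqIII", 0, flags, 0, 1, seq, 0)
    hdr += bytes([1, len(body)])
    crc = struct.pack("<I", ogg_crc(hdr + body))
    return hdr[:22] + crc + hdr[26:] + body

# Constructed sample: 30-byte identification header (2 channels, 44100 Hz).
IDENT = b"\x01vorbis" + struct.pack("<IBIiiiB", 0, 2, 44100, 0, 128000, 0, 0xB8) + b"\x01"
SAMPLE = make_page(IDENT, 0x02, 0) + make_page(b"\x03vorbis", 0x00, 1)
```

A pass means the file is a well-formed Ogg container that starts as Vorbis, not that the later packets decode. The bitwise CRC loop is written for clarity and is slow on large files.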