Skip to content

Instantly share code, notes, and snippets.

@Lucretiel

Lucretiel/raw_unsound.rs

Created April 14, 2022 02:56
Show Gist options
  • Save Lucretiel/5deaf285f06a85056aa76276abf9bd77 to your computer and use it in GitHub Desktop.
Save Lucretiel/5deaf285f06a85056aa76276abf9bd77 to your computer and use it in GitHub Desktop.
Download ZIP
demonstration of a soundness flaw in rmp_serde
Raw
raw_unsound.rs
use rmp_serde::Raw;
use serde::{ser, Serialize};
use thiserror::Error;
/// Serializer that serializes strings as a list of char
struct CharListSerializer {
output: Vec<char>,
}
#[derive(Debug, Error)]
#[error("error during serialization")]
struct SerializeError;
impl ser::Error for SerializeError {
fn custom<T>(_: T) -> Self
where
T: std::fmt::Display,
{
Self
}
}
impl ser::Serializer for &mut CharListSerializer {
type Ok = ();
type Error = SerializeError;
type SerializeSeq = ser::Impossible<(), SerializeError>;
type SerializeTuple = ser::Impossible<(), SerializeError>;
type SerializeTupleStruct = ser::Impossible<(), SerializeError>;
type SerializeTupleVariant = ser::Impossible<(), SerializeError>;
type SerializeMap = ser::Impossible<(), SerializeError>;
type SerializeStruct = ser::Impossible<(), SerializeError>;
type SerializeStructVariant = ser::Impossible<(), SerializeError>;
fn serialize_bool(self, _: bool) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_i8(self, _: i8) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_i16(self, _: i16) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_i32(self, _: i32) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_i64(self, _: i64) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_u8(self, _: u8) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_u16(self, _: u16) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_u32(self, _: u32) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_u64(self, _: u64) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_f32(self, _: f32) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_f64(self, _: f64) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_char(self, c: char) -> Result<Self::Ok, Self::Error> {
self.output.push(c);
Ok(())
}
fn serialize_str(self, s: &str) -> Result<Self::Ok, Self::Error> {
self.output.extend(s.chars());
Ok(())
}
fn serialize_bytes(self, _: &[u8]) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_none(self) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_some<T: ?Sized>(self, _: &T) -> Result<Self::Ok, Self::Error>
where
T: serde::Serialize,
{
Err(SerializeError)
}
fn serialize_unit(self) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_unit_struct(self, _: &'static str) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_unit_variant(
self,
_: &'static str,
_: u32,
_: &'static str,
) -> Result<Self::Ok, Self::Error> {
Err(SerializeError)
}
fn serialize_newtype_struct<T: ?Sized>(
self,
_: &'static str,
_: &T,
) -> Result<Self::Ok, Self::Error>
where
T: serde::Serialize,
{
Err(SerializeError)
}
fn serialize_newtype_variant<T: ?Sized>(
self,
_: &'static str,
_: u32,
_: &'static str,
_: &T,
) -> Result<Self::Ok, Self::Error>
where
T: serde::Serialize,
{
Err(SerializeError)
}
fn serialize_seq(self, _: Option<usize>) -> Result<Self::SerializeSeq, Self::Error> {
Err(SerializeError)
}
fn serialize_tuple(self, _: usize) -> Result<Self::SerializeTuple, Self::Error> {
Err(SerializeError)
}
fn serialize_tuple_struct(
self,
_: &'static str,
_: usize,
) -> Result<Self::SerializeTupleStruct, Self::Error> {
Err(SerializeError)
}
fn serialize_tuple_variant(
self,
_: &'static str,
_: u32,
_: &'static str,
_: usize,
) -> Result<Self::SerializeTupleVariant, Self::Error> {
Err(SerializeError)
}
fn serialize_map(self, _: Option<usize>) -> Result<Self::SerializeMap, Self::Error> {
Err(SerializeError)
}
fn serialize_struct(
self,
_: &'static str,
_: usize,
) -> Result<Self::SerializeStruct, Self::Error> {
Err(SerializeError)
}
fn serialize_struct_variant(
self,
_: &'static str,
_: u32,
_: &'static str,
_: usize,
) -> Result<Self::SerializeStructVariant, Self::Error> {
Err(SerializeError)
}
}
fn main() {
let mut ser = CharListSerializer { output: Vec::new() };
let data = "ABC";
data.serialize(&mut ser).unwrap();
assert_eq!(ser.output, ['A', 'B', 'C']);
ser.output.clear();
// An emoji: 😣
let data = [0xf0, 0x9f, 0x98, 0xa3];
let data = Raw::from_utf8(data.as_slice().to_owned());
data.serialize(&mut ser).unwrap();
assert_eq!(ser.output, ['😣']);
ser.output.clear();
// Uh oh
let data = [0xf0, 0x9f];
let data = Raw::from_utf8(data.as_slice().to_owned());
data.serialize(&mut ser).unwrap();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment