Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checked arithmetics for TracePos #275

Open
monoid opened this issue Jun 9, 2022 · 1 comment
Open

Checked arithmetics for TracePos #275

monoid opened this issue Jun 9, 2022 · 1 comment
Assignees
@monoid
Labels
A-trace-handler area: components related to CRDT data C-enhancement category: an issue proposing an enchacement or a PR with one T-hardening track: hardening

Comments

@monoid
Copy link
Contributor

monoid commented Jun 9, 2022

TracePos values can be controlled by an attacker, and it worth checking that values do not overflow, returning a error instead.
@monoid monoid added C-enhancement category: an issue proposing an enchacement or a PR with one A-trace-handler area: components related to CRDT data labels Jun 9, 2022
@monoid monoid self-assigned this Jun 9, 2022
@monoid monoid mentioned this issue Jun 9, 2022
Merged
@mikevoronov mikevoronov added the T-hardening track: hardening label Oct 7, 2022
@raftedproc raftedproc mentioned this issue Apr 24, 2023
Merged
@monoid
Copy link
Contributor Author

monoid commented Apr 24, 2023

Some care should be taking in implementing it.

panicing on overflow is bad idea as will make Marine to create a new instance that is slower than re-using an existing one (but, perhaps, is not slow enough for (D)DoS attack).

Replacing + with .checked_add(...) and returning Err can be cumbersome...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@monoid monoid

Labels
A-trace-handler area: components related to CRDT data C-enhancement category: an issue proposing an enchacement or a PR with one T-hardening track: hardening
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@monoid @mikevoronov