Fix security issues in master #2274

Merged: AArnott merged 19 commits into master from master-fix-all on Jun 9, 2026

@AArnott AArnott commented Jun 9, 2026

  • Fix WriteRawX methods to advance by written length
  • Bound LZ4 input reads for CWE-125
  • Reject nested typeless blocklist bypass for CWE-502
  • Use iteration for skipping msgpack structures for CWE-674
  • Reject invalid DateTime ext lengths for CWE-789
  • Fix CWE-789 multidimensional array allocation validation
  • Guard dynamic union depth for CWE-674
  • Use secure lookup comparer for CWE-407
  • Validate Unity blit lengths for CWE-789
  • Guard JSON conversion depth for CWE-674
  • Avoid JSON separator recursion for CWE-674
  • Guard typeless JSON depth for CWE-674
  • Fix CWE-190 map header length overflow
  • Limit untrusted ExpandoObject maps for CWE-407
  • Default MVC input formatter to UntrustedData for CWE-1188
  • Guard LZ4 decompression length for CWE-409
  • Honor TypeFormatter options hooks for CWE-470

AArnott added 19 commits May 15, 2026 10:06
Before this change, the length of the source span would dictate how large the destination span became and how far we advanced the writer, without any regard to how many bytes would actually be copied into that buffer.
The LZ4 block decoder accepted only the destination length and advanced through the compressed input without knowing where the source buffer ended. Malformed compressed payloads could therefore drive unchecked native reads before the existing post-decode length check ran.

Pass the compressed input length into the 32-bit and 64-bit decoders and reject malformed blocks before token, literal, offset, and match-length reads would move past the source buffer. Add a regression test that verifies malformed LZ4 data fails as a normal serialization exception.
Typeless deserialization previously validated only the outer wire-supplied type before resolving a formatter. Container types could therefore hide a disallowed element or generic argument from the mitigation and from custom option overrides.

Validate element and constructed generic argument types before formatter resolution, and add regression coverage for nested typeless disallowed types.
The `MessagePackReader` has no concept of a depth limit, and it implemented its `Skip()` method recursively which can easily blow the stack for deeply nested msgpack structures.

Rather than introduce a new API with an adjustable depth limit, set to a 'secure' but otherwise arbitrary default, we can make `Skip()` iterate instead of recurse in order to avoid ever crashing.
DateTime extension decoding previously treated any declared timestamp length as a partial token before validating whether that length was legal. Malformed input could therefore force the reader slow path to prepare a stack buffer sized from the untrusted extension header.

Validate timestamp extension lengths before insufficient-buffer handling so only the supported timestamp encodings can proceed to buffering. Add a regression test that verifies oversized malformed DateTime extension headers fail as a normal serialization exception.
Multidimensional array deserialization trusted dimension values and allocated arrays before confirming that the flattened element count matched the serialized element array header. This could let malformed data request disproportionate allocations before validation.

Validate non-negative dimensions and checked flattened lengths for 2D, 3D, and 4D array formatters before allocation, and add regression coverage for mismatched element counts under untrusted data options.
DynamicUnionResolver emitted deserializers did not count the union formatter frame against MessagePackSecurity's object graph depth budget. That left recursive union values and skipped unknown union payloads less constrained than source-generated unions and dynamic object formatters.

Emit DepthStep after nil handling and decrement reader.Depth before returning, matching the existing dynamic object formatter pattern. Add a regression test proving unknown union payloads respect the depth limit without including exploit payload details.
InterfaceLookupFormatter created its intermediate Dictionary with the default comparer, so ILookup<TKey,TElement> deserialization did not honor MessagePackSecurity.UntrustedData hash-collision resistance.

Pass the security-provided equality comparer into the intermediate dictionary and add regression coverage that verifies colliding long keys use the hardened comparer.
UnsafeBlitFormatter trusted the nested byte count from extension payloads when allocating arrays, even though the surrounding extension length had already bounded the body. Malformed inputs could request allocations that were not supported by the declared extension data.

Parse the extension body through a bounded reader and reject negative, unaligned, or mismatched byte counts before allocating. Add a regression test for the malformed length case.
ConvertFromJson now applies the configured MessagePackSecurity maximum object graph depth while translating nested JSON objects and arrays, preventing deeply nested input from recursing until stack exhaustion.

Added a bounded regression test that verifies over-depth JSON is rejected for both compressed and uncompressed conversion paths.
TinyJsonReader previously skipped JSON separators with a recursive ReadNextToken call, so a long separator sequence supplied to ConvertFromJson could consume one stack frame per separator and terminate the process. Change separator skipping to stay within the tokenizer loop instead, preserving the existing tokenization behavior without stack growth.

Add regression coverage that converts a long separator-prefixed JSON value successfully.
ConvertToJson recursively expands typeless extension values while composing JSON, but that path was not counted against MessagePackSecurity.MaximumObjectGraphDepth. Deeply nested typeless values could therefore bypass UntrustedData depth checks and exhaust the call stack.

Wrap typeless extension JSON processing in DepthStep/decrement accounting and add regression coverage that expects the configured depth limit to be enforced.
Promote map entry count multiplication to long when validating the minimum encoded payload length and when skipping map contents. This keeps oversized malformed map headers on the insufficient-buffer path instead of relying on Int32 arithmetic behavior. Add regression coverage for oversized map headers in ReadMapHeader and Skip.
ExpandoObject map materialization inserts each member through ExpandoObject, whose member table grows with linear scans and array copies. Under the untrusted-data resolver preset, very large maps could consume disproportionate CPU before application code sees the result.

Reject oversized ExpandoObject maps when hash-collision hardening is active, covering both direct ExpandoObject deserialization and nested maps produced by ExpandoObjectResolver. Add focused regression coverage for both paths.
MessagePackInputFormatter handles HTTP request bodies, but its default/null options path fell back to MessagePackSerializerOptions.Standard and therefore TrustedData. That left hash-based model binding without the untrusted-data collision-resistance defaults expected at this trust boundary.

Default null input-formatter options to Standard.WithSecurity(UntrustedData), while preserving caller-supplied options. Add a regression test that verifies the parameterless formatter deserializes dictionary request bodies with the collision-resistant comparer.
Validate declared LZ4 decompressed block sizes against the compressed block size before requesting an output buffer. This rejects unreasonable Lz4Block and Lz4BlockArray declarations before allocation while preserving normal compressed payload handling.
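As an added illustration (not the library's own C# code), the iterative `Skip()` from the CWE-674 commit and the minimum-payload check from the CWE-190 map-header commit, implemented over raw msgpack bytes in Python; the type-code tables follow the msgpack wire-format spec, and `InsufficientBuffer` and `probe` are names chosen for this example:

```python
class InsufficientBuffer(Exception):
    """Header claims more payload than the buffer holds ('insufficient buffer' path)."""
# Payload byte counts for fixed-size codes (nil/bool, float32/64, (u)int8..64, fixext1..16).
FIXED = {0xc0: 0, 0xc2: 0, 0xc3: 0, 0xca: 4, 0xcb: 8, 0xcc: 1, 0xcd: 2, 0xce: 4, 0xcf: 8,
         0xd0: 1, 0xd1: 2, 0xd2: 4, 0xd3: 8, 0xd4: 2, 0xd5: 3, 0xd6: 5, 0xd7: 9, 0xd8: 17}
# Length-field width for bin8/16/32, ext8/16/32, str8/16/32, array16/32, map16/32.
LEN_BYTES = {0xc4: 1, 0xc5: 2, 0xc6: 4, 0xc7: 1, 0xc8: 2, 0xc9: 4, 0xd9: 1, 0xda: 2,
             0xdb: 4, 0xdc: 2, 0xdd: 4, 0xde: 2, 0xdf: 4}

def skip(buf: bytes, pos: int = 0) -> int:
    """Skip one msgpack value at pos and return the offset just past it. Iterative: a
    container adds its child count to `pending` instead of recursing per child (CWE-674),
    and oversized array/map counts are rejected by a minimum-size check (CWE-190 case)."""
    pending = 1                          # values still to be consumed
    while pending:
        if pos >= len(buf):
            raise InsufficientBuffer
        b, pos, pending = buf[pos], pos + 1, pending - 1
        if b <= 0x7f or b >= 0xe0:       # positive / negative fixint: no payload
            continue
        if b <= 0x8f:                    # fixmap: N key/value pairs
            pending += 2 * (b & 0x0f)
        elif b <= 0x9f:                  # fixarray
            pending += b & 0x0f
        elif b <= 0xbf:                  # fixstr
            pos += b & 0x1f
        elif b in FIXED:
            pos += FIXED[b]
        elif b in LEN_BYTES:             # a truncated length field also lands past len(buf) below
            width = LEN_BYTES[b]
            n, pos = int.from_bytes(buf[pos:pos + width], "big"), pos + width
            if b in (0xdc, 0xdd):        # array16/32
                pending += n
            elif b in (0xde, 0xdf):      # map16/32: 2 * n in unbounded Python ints (no Int32 wrap)
                pending += 2 * n
            else:                        # bin/str/ext payload; ext also carries a 1-byte type tag
                pos += n + (1 if 0xc7 <= b <= 0xc9 else 0)
        else:
            raise ValueError(f"invalid msgpack code 0x{b:02x}")
        if pos + pending > len(buf):     # every pending value needs at least one byte
            raise InsufficientBuffer
    return pos

def probe(buf: bytes) -> str:            # 'ok' | 'trailing' | 'insufficient' | 'invalid'
    try:
        return "ok" if skip(buf) == len(buf) else "trailing"
    except InsufficientBuffer:
        return "insufficient"
    except ValueError:
        return "invalid"
```

A 100,000-deep chain of one-element arrays skips in constant stack, while a map32 header declaring 0x7fffffff entries is rejected on the insufficient-buffer path as soon as the header is read.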
microsoft-github-policy-service Bot pushed a commit to Azure/bicep that referenced this pull request Jun 12, 2026
Updated
[MessagePack](https://github.com/MessagePack-CSharp/MessagePack-CSharp)
from 3.1.3 to 3.1.7.

<details>
<summary>Release notes</summary>

_Sourced from [MessagePack's
releases](https://github.com/MessagePack-CSharp/MessagePack-CSharp/releases)._

## 3.1.7

## What's Changed

* Add `scoped` to `MessagePackWriter.Write(ReadOnlySpan<T>)` methods by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2271
* Fix security issues in master by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2274

## Security release details

This release fixes 3 high severity and 9 moderate severity security
vulnerabilities.

### High severity advisory fixes

- 26d4e743 GHSA-382j-8mxh-c7x2 Reject invalid DateTime ext lengths for
CWE-789
- b9cb6050 GHSA-vh6j-jc39-fggf Use iteration for skipping msgpack
structures for CWE-674
- 719e690a GHSA-hv8m-jj95-wg3x Bound LZ4 input reads for CWE-125

### Moderate severity advisory fixes

- 2b5a500a GHSA-v72x-2h86-7f8m Guard LZ4 decompression length for
CWE-409
- f093bdc1 GHSA-qhmf-xw27-6rqr Reject nested typeless blocklist bypass
for CWE-502
- f077798e GHSA-2f33-pr97-265q Default MVC input formatter to
UntrustedData for CWE-1188
- 25a3493e GHSA-2x83-8g95-xh59 Limit untrusted ExpandoObject maps for
CWE-407
- b414e6df GHSA-wfr3-xj75-pfwh Guard dynamic union depth for CWE-674
- 0555f07c GHSA-w567-gjr2-hm5j Validate Unity blit lengths for CWE-789
- 9b5783a7 GHSA-cxmj-83gh-fp49 Fix CWE-789 multidimensional array
allocation validation
- f96fcf05 GHSA-q2h6-ghwm-5qm8 Use secure lookup comparer for CWE-407
- b3af7cf7 GHSA-cj9g-3mj2-g8vv Guard JSON conversion depth for CWE-674
- 66ad0894 GHSA-cj9g-3mj2-g8vv Avoid JSON separator recursion for
CWE-674
- 082ba7da GHSA-cj9g-3mj2-g8vv Guard typeless JSON depth for CWE-674

### Fixes with no security advisory

- fb0fe9f0 Honor TypeFormatter options hooks for CWE-470
- c1c06a6f Fix WriteRawX methods to advance by written length
- 46c6a0fe Fix CWE-190 map header length overflow

**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v3.1.6...v3.1.7

## 3.1.6

## What's Changed
* Add several known unsafe 'gadgets' to the disallow list by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2270


**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v3.1.5...v3.1.6

## 3.1.5

## What's Changed
* Remove unneeded GetTypeInfo() calls by @Bykiev in MessagePack-CSharp/MessagePack-CSharp#2206
* Use 'Write' instead of 'WriteInt32' for union type keys by @VictorNicollet in MessagePack-CSharp/MessagePack-CSharp#2212
* Fix various disposable issues by @Bykiev in MessagePack-CSharp/MessagePack-CSharp#2224
* fix: prevent StackOverflow in Equals with recursive generic constraints by @khuongntrd in MessagePack-CSharp/MessagePack-CSharp#2226
* Add more types to the default disallow list of named types to be deserialized by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2256
* Fix release workflow by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2268
* ~~Fix Incorrect DateTimeOffset Serializer by @T0PP1ng in MessagePack-CSharp/MessagePack-CSharp#2225~~
* Revert DateTimeOffset encoding change by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2262

## New Contributors
* @Bykiev made their first contribution in MessagePack-CSharp/MessagePack-CSharp#2206
* @VictorNicollet made their first contribution in MessagePack-CSharp/MessagePack-CSharp#2212
* @T0PP1ng made their first contribution in MessagePack-CSharp/MessagePack-CSharp#2225
* @khuongntrd made their first contribution in MessagePack-CSharp/MessagePack-CSharp#2226

**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v3.1.4...v3.1.5

## 3.1.4

## What's Changed
* Fix SkipClrVisibilityChecks to notice private fields in base classes by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2153
* Promote analyzers to AnalyzerReleases.Shipped.md by @hanachiru in MessagePack-CSharp/MessagePack-CSharp#2169
* Add memory size check to `GetMemoryCheckResult` by @AArnott in MessagePack-CSharp/MessagePack-CSharp#2172
* AccessModifier was added to generated code. by @Nirklav in MessagePack-CSharp/MessagePack-CSharp#2185

## New Contributors
* @hanachiru made their first contribution in MessagePack-CSharp/MessagePack-CSharp#2169

**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v3.1.3...v3.1.4

Commits viewable in [compare
view](MessagePack-CSharp/MessagePack-CSharp@v3.1.3...v3.1.7).
</details>

###### Microsoft Reviewers: [Open in
CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/19839)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shenglong Li <shenglol@microsoft.com>