Re: Preventing Denial of Service Attack In IPC Serialization

From: Le Chaud Lapin <jaibuduvin@gmail.com>
Newsgroups: comp.lang.c++.moderated
Date: Mon, 11 Jun 2007 15:41:36 CST
Message-ID: <1181573957.716272.217040@k79g2000hse.googlegroups.com>

On Jun 11, 10:24 am, Sebastian Redl <e0226...@stud3.tuwien.ac.at>
wrote:

> But, and this is something we keep trying to tell you, this is _completely
> independent of the serialization code_. It's strictly the decision of the
> networking code to set limits on how much data an untrusted connection can
> send and how many untrusted connections are accepted at any single time.
> (And in turn, the networking code should let the user configure these
> parameters, because the values depend on the application and available
> resources.)


This does not make sense in the context of the problem that I have
presented.

You write "at any single time...", but I am not talking about per-
packet sends. Yes, in my original post, I used an example where
operator new () would be applied to a just-received scalar to allocate
a buffer to be read in. I only used this to avoid the (somewhat
weaker) problem of blind building of state at the receiver by
direction of the sender.

I am still waiting for someone to show me how they would "limit" data
by the resources. Again, I am not talking about packets. I am
talking about C++ objects that are to be serialized, objects of
arbitrary complexity.

-Le Chaud Lapin-

--
      [ See http://www.gotw.ca/resources/clcm.htm for info about ]
      [ comp.lang.c++.moderated. First time posters: Do this! ]
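
An added example, not part of the post or the thread: one way a deserializer can carry a per-message budget, so that neither a received length scalar nor a deeply nested object graph makes the receiver build state the sender has not paid for in bytes. The `Reader`, `Node` and `accepts` names, the wire format and the sample messages are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// All names and the wire format are assumptions made for this example.
struct Reader {
    const std::vector<std::uint8_t>& wire;
    std::size_t pos;     // next unread byte
    std::size_t budget;  // bytes of receiver state this message may still create
    std::uint32_t u32() {  // big-endian, bounds-checked
        if (wire.size() - pos < 4) throw std::runtime_error("truncated");
        std::uint32_t v = 0;
        for (int i = 0; i < 4; ++i) v = (v << 8) | wire[pos++];
        return v;
    }
    void charge(std::size_t n) {  // account for state BEFORE creating it
        if (n > budget) throw std::runtime_error("over budget");
        budget -= n;
    }
    std::string str() {
        std::uint32_t len = u32();
        // The sender's length is a claim: check bytes present and budget first.
        if (len > wire.size() - pos) throw std::runtime_error("bad length");
        charge(len);
        std::string s(wire.begin() + pos, wire.begin() + pos + len);
        pos += len;
        return s;
    }
};
struct Node { std::string name; std::vector<Node> kids; };
// Assumed format: u32 length + name bytes, u32 child count, then the children.
Node read_node(Reader& r, unsigned depth = 0) {
    if (depth > 32) throw std::runtime_error("too deep");
    r.charge(sizeof(Node));  // every object costs something, even an empty one
    Node n{r.str(), {}};
    std::uint32_t count = r.u32();
    for (std::uint32_t i = 0; i < count; ++i)  // no reserve(count): grow only as data arrives
        n.kids.push_back(read_node(r, depth + 1));
    return n;
}
bool accepts(const std::vector<std::uint8_t>& wire, std::size_t budget) {
    Reader r{wire, 0, budget};
    try { read_node(r); return r.pos == wire.size(); }
    catch (const std::runtime_error&) { return false; }
}
// Constructed samples: a leaf named "a", and a leaf claiming a 4 GiB name.
const std::vector<std::uint8_t> kLeaf    = {0,0,0,1,'a', 0,0,0,0};
const std::vector<std::uint8_t> kHostile = {0xFF,0xFF,0xFF,0xFF,'a', 0,0,0,0};
```

The budget is a parameter of `accepts`, so the caller that knows the application and the available resources chooses it.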
