Re: Preventing Denial of Service Attack In IPC Serialization
On Jul 8, 8:46 am, Ethan Cohen <ech...@ihatespam.com> wrote:
> In article <1182621228.499010.98...@g4g2000hsf.googlegroups.com>,
> jaibudu...@gmail.com says...
> > is >> std::hex >> inbound_data_size;
> > inbound_data_.resize(inbound_data_size);
> That's not part of the serialization framework! It is part of the
> application code. As it stands, it is a DoS vulnerability. That
> vulnerability can be eliminated without touching even a *single* line
> of the serialization framework, simply by limiting the value of
> inbound_data_size.
> What value should be chosen as a limit on inbound_data_size?
> That is completely platform-specific, but it should be large enough for
> the problem domain, yet just below the amount that would cripple or
> otherwise negatively impact the system.
> For example, if your platform is a "real-mode" OS without virtual
> memory, the limit may ultimately be determined by the amount of physical
> RAM available to your C-runtime heap.
> Setting a limit on inbound_data_size doesn't solve the problem of an
> attacker sending you bogus object deserialization requests, though.
That's true. Even after my solution is used, the stack-based
solution, there is still a problem, which involves keeping the
receiver of a pseudo-legitimate deserialization in limbo, holding the
data.
The entire solution to this whole problem will require a use of
Little's Law: (http://en.wikipedia.org/wiki/Little%27s_theorem), which
would involve macro and micro timers on how long the receiver is
willing to allow the sender to hold the receiver's "attention."
But we haven't got to that part because people are still hung up on
allocating 1MB buffers. :)
-Le Chaud Lapin-
--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
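The two points argued in the thread, capping the sender-supplied length before it reaches resize() and bounding how long a sender may keep the receiver waiting, as an added example that is not code from either poster's framework. It assumes a hypothetical wire format (an ASCII hex length, one space, then that many bytes), a hypothetical limit of 1024 bytes, and made-up timer values; the clock is injected so the timeout policy can be exercised without sleeping.

```cpp
#include <chrono>
#include <cstddef>
#include <istream>
#include <sstream>
#include <string>

// Added example, not code from the thread. Wire format assumed here: an ASCII
// hex length terminated by one space, followed by exactly that many bytes.
using Clock = std::chrono::steady_clock;
using Millis = std::chrono::milliseconds;

// The quoted application code, reduced to what it trusts: whatever hex value
// the sender wrote becomes the argument to resize(). "FFFFFFFF" is a request
// for 4 GiB. The value is returned instead of allocated so this is safe to call.
std::size_t naive_requested_size(std::istream& is) {
    std::size_t inbound_data_size = 0;
    is >> std::hex >> inbound_data_size;
    return inbound_data_size;
}

enum class Status { NeedMore, Complete, BadHeader, TooLarge, Timeout };

// Hardened receiver: rejects a declared size over max_size before any
// allocation, and bounds how long a sender may hold the receiver's attention,
// both in total (max_wait, the "macro" timer) and between two chunks
// (max_idle, the "micro" timer). All limits are hypothetical policy values.
class BoundedReceiver {
public:
    BoundedReceiver(std::size_t max_size, Millis max_wait, Millis max_idle)
        : max_size_(max_size), max_wait_(max_wait), max_idle_(max_idle) {}

    // Feed whatever arrived from the transport; `now` is the caller's clock.
    Status feed(const std::string& chunk, Clock::time_point now) {
        if (done_) return last_;
        if (!started_) { started_ = true; start_ = now; last_seen_ = now; }
        if (now - start_ > max_wait_) return fail(Status::Timeout);      // macro timer
        if (now - last_seen_ > max_idle_) return fail(Status::Timeout);  // micro timer
        last_seen_ = now;

        for (char c : chunk) {
            if (in_header_) {
                if (c == ' ') {
                    if (header_digits_ == 0) return fail(Status::BadHeader);
                    if (size_ == 0) return finish();
                    in_header_ = false;
                    payload_.reserve(size_);  // safe: size_ <= max_size_ was checked
                } else {
                    int v = hex_value(c);     // '-' is rejected, so "-1" is an error, not 2^64-1
                    if (v < 0) return fail(Status::BadHeader);
                    size_ = size_ * 16 + static_cast<std::size_t>(v);
                    ++header_digits_;
                    // Checked after every digit: the cap is hit long before size_ could wrap.
                    if (size_ > max_size_) return fail(Status::TooLarge);
                }
            } else {
                payload_.push_back(c);
                // Bytes after the message belong to the next one; a real
                // receiver would hand them back instead of dropping them.
                if (payload_.size() == size_) return finish();
            }
        }
        return Status::NeedMore;
    }

    const std::string& payload() const { return payload_; }

private:
    static int hex_value(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }
    Status fail(Status s) { done_ = true; last_ = s; payload_.clear(); return s; }
    Status finish() { done_ = true; last_ = Status::Complete; return last_; }

    std::size_t max_size_;
    Millis max_wait_, max_idle_;
    bool started_ = false, done_ = false, in_header_ = true;
    Clock::time_point start_{}, last_seen_{};
    std::size_t size_ = 0, header_digits_ = 0;
    std::string payload_;
    Status last_ = Status::NeedMore;
};
```

The size check runs per hex digit rather than after parsing, so the receiver never holds an out-of-range value and the header cannot be padded with leading digits to provoke overflow. Once any limit trips, the object stays in its terminal state and every later feed() returns the same verdict, so the caller can drop the connection without special-casing partial input.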