[Twisted-Python] Protocol handler are open to DoS attacks
25 Sep 2001, 3:43 p.m.
In general, I've been noticing that the behaviour of protocols given illegal inputs is problematic - no length limits, and garbage is raised as part of exceptions.

Problem 1 leads to giant memory usage - a line receiver can receive MBs of MBs of data it will happily buffer until it gets a line break. The other problem leads to mucho garbage and exceptions in the log.

See protocols.basic.SafeNetstringReceiver to see how I solved it for netstrings.

You can test both things in unix - run a webserver on port 8080, then:

    # send infinite data
    $ yes | netcat localhost 8080

    # send garbage
    $ cat /dev/urandom | netcat localhost 8080
Itamar Shtull-Trauring
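
Added example, not part of the original message and not Twisted's own code: a standalone sketch of the length limit the post asks for in a line receiver. It caps how much unterminated data is buffered and records a violation by size only, so peer-supplied bytes never reach an exception or the log. BoundedLineBuffer, MAX_LINE and the closed/error attributes are hypothetical names.

```python
# Added illustration: names are hypothetical, this is not Twisted's API.
MAX_LINE = 16384  # assumed cap; pick one that fits the protocol


class BoundedLineBuffer:
    """Split a byte stream into lines while capping unterminated data."""

    def __init__(self, max_line=MAX_LINE, delimiter=b"\r\n"):
        self.max_line = max_line
        self.delimiter = delimiter
        self._buf = b""
        self.closed = False   # caller should drop the connection when True
        self.error = None     # describes the violation by size only

    def _overflow(self, size):
        # Discard the data and record only its size, so the peer's bytes
        # never end up in an exception message or a log line.
        self._buf = b""
        self.closed = True
        self.error = "line exceeded %d bytes (saw at least %d)" % (
            self.max_line, size)

    def feed(self, data):
        """Return the complete lines found after appending data."""
        lines = []
        if self.closed:
            return lines
        self._buf += data
        while not self.closed:
            idx = self._buf.find(self.delimiter)
            if idx == -1:
                # Allow for a delimiter split across two reads.
                slack = len(self.delimiter) - 1
                if len(self._buf) > self.max_line + slack:
                    self._overflow(len(self._buf))
                break
            if idx > self.max_line:
                self._overflow(idx)
                break
            lines.append(self._buf[:idx])
            self._buf = self._buf[idx + len(self.delimiter):]
        return lines
```

A protocol's data-received handler would call feed() on each read and close the transport as soon as closed is set.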