subject:"XEP\-0138 uncontrolled resource consumption \?\?\?"

Re: XEP-0138 uncontrolled resource consumption ???

2015-02-26 Thread Tomasz Sterna

Dnia 2015-02-26, czw o godzinie 01:38 +0100, Matěj Cepl pisze:
 could anybody confirm that 
 http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
  

As you can see at
https://github.com/jabberd2/jabberd2/blob/f6225f9cc5af93835285a0a788479978d271ee38/sx/io.c#L64
 stanza_size_limit is enforced on unencrypted/uncompressed bare stanza data.
So if the lower layer (sx compress plugin) feeds too much data, the
connection is torn down.


-- 
 /o__ Q: How do you stop an elephant from charging?
(_^' A: Take away his credit cards.

Re: XEP-0138 uncontrolled resource consumption ???

2015-02-26 Thread Matěj Cepl

On 26/02/15 11:32, Tomasz Sterna wrote:
 Dnia 2015-02-26, czw o godzinie 01:38 +0100, Matěj Cepl pisze:
 could anybody confirm that 
 http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
  
 
 As you can see at
 https://github.com/jabberd2/jabberd2/blob/f6225f9cc5af93835285a0a788479978d271ee38/sx/io.c#L64
  stanza_size_limit is enforced on unencrypted/uncompressed bare stanza data.
 So if the lower layer (sx compress plugin) feeds too much data, the
 connection is torn down.

Thanks. Bugs have been closed.

Matěj

-- 
http://www.ceplovi.cz/matej/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB  25C3 E09F EF25 D964 84AC

If Patrick Henry thought that taxation without representation was
bad, he should see how bad it is with representation.

Re: XEP-0138 uncontrolled resource consumption ???

Re: XEP-0138 uncontrolled resource consumption ???

2 matches

Site Navigation

Mail list logo

Footer information