| I was thinking the other day about a specific type of denial-of-service attack which may possibly affect a number of servers in active use today. Imagine a c2s connection that has already been set up and is now moving top-level stanzas. What would happen if I sent <message to="[EMAIL PROTECTED]"><body> Followed by a stream of random UTF-8 characters? Assuming that those random characters do not happen to contain <, >, or &, (which is pretty easy to ensure), I would imagine that the process which has the XML parser would get larger and larger until the process would run out of memory. Boom. This attack (in spirit) doesn't require a fully established jabber stream, it only needs an opportunity to inject a large amount of data into an XML element that is inside of a top-level stanza. This attack could possibly work for attributes as well. Limiting the size of a single stanza may or may not fix the problem, depending on implementation. If the stanza size filter is applied to the stanza after it has been parsed, then this isn't good enough--the attack will still be successful because the stanza will never finish parsing. However, if the parser kept track of how large the stanza was getting as it was parsing it, then this attack can be avoided. Any thoughts, or other methods of preventing this attack from being successful? Or has this already been considered and "fixed"? __________________ Robert Quattlebaum Mobile: +1(650) 223-4974 eMail: [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED] WWW: http://www.deepdarc.com/ |
- [jdev] Security-related thought experiment Robert B Quattlebaum, Jr.
- Re: [jdev] Security-related thought experim... Justin Karneges
- Re: [jdev] Security-related thought experim... Pedro Melo
- Re: [jdev] Security-related thought experim... Robert B Quattlebaum, Jr.
- Re: [Standards-JIG] Re: [jdev] Security... Robert B Quattlebaum, Jr.
- Re: [Standards-JIG] Re: [jdev] Secu... Bruce Campbell
- Re: [Standards-JIG] Re: [jdev] ... Peter Saint-Andre
