Hello,
I'm doing some testing on this package, thanks for the great work. 👍
I wanted to share with you two possible denial-of-service issues.
Right now, anybody can open a connection and keep it open forever by doing one of the following:
- Bad command (a command that is not handled by the parse() function)
  c.nbrErrors++ will be incremented but will never trigger a connection close()
- Speak Up (when the command is empty)
  A connection can stay open, sending empty commands forever
In both cases, the attacker can open as many connections as they like and send either "bad commands" that are not parsed (so, for example, 1-char, 2-char, 3-char commands) or just empty commands, and will never reach any disconnect.
As a quick fix, I would suggest evaluating the c.nbrErrors counter and disconnecting if > 3, in both scenarios.
Example:
File: conn.go
Line: 101
```go
if cmd == "" {
	c.nbrErrors++
	if c.nbrErrors > 3 {
		c.WriteResponse(500, EnhancedCode{5, 5, 2}, "Too many errors")
		c.Close()
		return // the connection is closed; do not write "Speak up" to it
	}
	c.WriteResponse(500, EnhancedCode{5, 5, 2}, "Speak up")
	return
}
```
File: server.go
Line: 137
```go
if err != nil {
	c.nbrErrors++
	if c.nbrErrors > 3 {
		c.WriteResponse(500, EnhancedCode{5, 5, 2}, "Too many errors")
		c.Close()
		return nil // leave the read loop instead of continuing on a closed connection
	}
	c.WriteResponse(501, EnhancedCode{5, 5, 2}, "Bad command")
	continue
}
```
Hope this helps.
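To show the mitigation described in this report as a whole, here is a small self-contained Go command loop (an added example written for this page, not go-smtp's own code) that applies the same error counter to both cases, empty lines and unknown verbs, and additionally puts a read deadline on the socket so an idle client cannot hold the connection open without sending anything. The command set, reply texts, `session`, `serve` and `runClient` names are constructed for the example; the exchange is driven over an in-memory `net.Pipe` so it runs offline.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
	"time"
)

// maxErrors mirrors the threshold proposed in the issue: more than 3 errors -> disconnect.
const maxErrors = 3

// ErrTooManyErrors is returned by serve when the limit closed the connection.
var ErrTooManyErrors = errors.New("too many errors, connection closed")

// knownCommands is a constructed stand-in for the verbs a real parser accepts.
var knownCommands = map[string]bool{
	"HELO": true, "EHLO": true, "MAIL": true, "RCPT": true,
	"DATA": true, "RSET": true, "NOOP": true, "QUIT": true,
}

// session carries per-connection state, like c.nbrErrors in the issue.
type session struct {
	conn      net.Conn
	r         *bufio.Reader
	nbrErrors int
}

// fail counts one protocol error and writes the given reply. Once the counter
// exceeds maxErrors it writes a final 500, closes the connection and returns
// ErrTooManyErrors so the caller leaves the loop instead of writing to a closed socket.
func (s *session) fail(code int, msg string) error {
	s.nbrErrors++
	if s.nbrErrors > maxErrors {
		fmt.Fprintf(s.conn, "500 5.5.2 Too many errors\r\n")
		s.conn.Close()
		return ErrTooManyErrors
	}
	fmt.Fprintf(s.conn, "%d 5.5.2 %s\r\n", code, msg)
	return nil
}

// serve runs the command loop for one connection. It returns nil on QUIT,
// ErrTooManyErrors when the error limit closed the connection, and the read
// error otherwise (for example an idle-timeout error from the deadline).
func serve(conn net.Conn, idle time.Duration) error {
	s := &session{conn: conn, r: bufio.NewReader(conn)}
	defer conn.Close()
	for {
		// Each command must arrive within the idle window; this covers the
		// "connect and never send anything" variant the counter cannot see.
		conn.SetReadDeadline(time.Now().Add(idle))
		line, err := s.r.ReadString('\n')
		if err != nil {
			return err
		}
		fields := strings.Fields(strings.TrimRight(line, "\r\n"))
		if len(fields) == 0 { // empty (or whitespace-only) command: "Speak up"
			if err := s.fail(500, "Speak up"); err != nil {
				return err
			}
			continue
		}
		verb := strings.ToUpper(fields[0])
		if !knownCommands[verb] { // unparsed command: "Bad command"
			if err := s.fail(501, "Bad command"); err != nil {
				return err
			}
			continue
		}
		if verb == "QUIT" {
			fmt.Fprintf(conn, "221 2.0.0 Bye\r\n")
			return nil
		}
		fmt.Fprintf(conn, "250 2.0.0 OK\r\n")
	}
}

// runClient sends the constructed command lines over an in-memory pipe, reading
// one reply per command, and returns how many replies arrived plus serve's result.
func runClient(lines []string) (int, error) {
	server, client := net.Pipe()
	done := make(chan error, 1)
	go func() { done <- serve(server, 2*time.Second) }()
	replies := 0
	r := bufio.NewReader(client)
	for _, l := range lines {
		if _, err := io.WriteString(client, l+"\r\n"); err != nil {
			break // the server closed the pipe on us
		}
		if _, err := r.ReadString('\n'); err != nil {
			break
		}
		replies++
	}
	client.Close()
	return replies, <-done
}

func main() {
	n, err := runClient([]string{"", "", "", "", ""})
	fmt.Println("empty commands:", n, "replies,", err)
	n, err = runClient([]string{"XYZ", "AB", "EHLO me", "QUIT"})
	fmt.Println("mixed session:", n, "replies,", err)
}
```

Five empty lines produce three "Speak up" replies, then the fourth error trips the limit: the client sees the "Too many errors" reply and its next write fails because the server side is gone. The design point is that `fail` returns an error once it has closed the connection, so the loop cannot fall through to another `WriteResponse` or `continue` on a dead socket, which is the one thing to watch for when applying the patch sketched above.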