New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Limit memory allocation of get_bytes to 1MB #116

Merged
merged 1 commit into from Feb 27, 2013

Conversation

Projects
None yet
2 participants
@mvschaik
Contributor

mvschaik commented Nov 30, 2012

If get_bytes() can pad unlimited, a RSA pub key could be crafted
that would allocate GB's of nulls, thereby forming a DoS-vector.

E.g. if the message would be '\x7f\xff\xff\xff...', get_string() could
throw a memory error or crash a system.

Limit memory allocation of get_bytes to 1MB
If get_bytes() can pad unlimited, a RSA pub key could be crafted
that would allocate GB's of nulls, thereby forming a DoS-vector.
@bitprophet

This comment has been minimized.

Member

bitprophet commented Feb 27, 2013

Not being intimate with this part of the protocol, I originally wondered if there was ever a legit reason for pulling that much data out of a message stream (the only time get_bytes is used with arbitrary input is in get_string).

However a quick test with real world usage (Fabric pulling down a moderate amount of remote stdout) never sees any requests to get_bytes larger than 1024, so I'm guessing that a MB is a quite decent upper bound. Thanks!

bitprophet added a commit that referenced this pull request Feb 27, 2013

Merge pull request #116 from mvschaik/patch-1
Limit memory allocation of get_bytes to 1MB

@bitprophet bitprophet merged commit 37d0247 into paramiko:master Feb 27, 2013

1 check passed

default The Travis build passed
Details

bitprophet added a commit that referenced this pull request Feb 27, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment