Limit memory allocation of get_bytes to 1MB #116

Merged
merged 1 commit into from Feb 27, 2013

Projects

None yet

2 participants

@mvschaik
Contributor

If get_bytes() can pad unlimited, a RSA pub key could be crafted
that would allocate GB's of nulls, thereby forming a DoS-vector.

E.g. if the message would be '\x7f\xff\xff\xff...', get_string() could
throw a memory error or crash a system.

@mvschaik mvschaik Limit memory allocation of get_bytes to 1MB
If get_bytes() can pad unlimited, a RSA pub key could be crafted
that would allocate GB's of nulls, thereby forming a DoS-vector.
3bbcf80
@bitprophet
Member

Not being intimate with this part of the protocol, I originally wondered if there was ever a legit reason for pulling that much data out of a message stream (the only time get_bytes is used with arbitrary input is in get_string).

However a quick test with real world usage (Fabric pulling down a moderate amount of remote stdout) never sees any requests to get_bytes larger than 1024, so I'm guessing that a MB is a quite decent upper bound. Thanks!

@bitprophet bitprophet merged commit 37d0247 into paramiko:master Feb 27, 2013

1 check passed

default The Travis build passed
Details
@bitprophet bitprophet added a commit that referenced this pull request Feb 27, 2013
@bitprophet bitprophet Changelog re #116 ac9370d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment