DoS vulnerability in Revel framework #1424
Comments
Yes, I can see how that could be an issue, but would it not be a better idea to place the check on where

Although it looks more concise, it may be confused when visiting

OK, so in this situation it would be best to ignore the parameter all together? And likely a good idea to log the error.
It looks better!

> On Sat, Mar 9, 2019, 00:44 Steve wrote:
>
> OK, so in this situation it would be best to ignore the parameter all together? And likely a good idea to log the error.
>
> ```go
> if index > -1 {
>     // Reject (and log) an index above the configured bound before it can
>     // raise maxIndex; the comparison is on the incoming index, not on maxIndex,
>     // otherwise a single oversized key would still size the allocation.
>     if index > maxIndexBound {
>         binderLog.Error.Println("Invalid parameter index, ignoring parameter", "index", index, "key", key)
>         return
>     }
>     if index > maxIndex {
>         maxIndex = index
>     }
>     sliceValues = append(sliceValues, sliceValue{
>         index: index,
>         value: Bind(params, key[:subKeyIndex], typ.Elem()),
>     })
>     return
> }
> ```
Fix DoS vuln mentioned in issue #1424

I've marked this as needs testing, though it may be ready for release. @notzippy any idea what the latest status is here?

pinging this; high priority

@brendensoares This has been fixed and merged, see #1427, and should be closed: https://github.com/revel/revel/blob/master/binder.go#L232-L247
Once the slices parameter feature is used, the website will suffer from a DoS attack.
When we need to get a slice parameter, we may use the following code snippet in our controller.
It looks like everything is OK. However, we can exhaust the server's memory with only one request.
e.g., when simply visiting
http://localhost:9000/dos1?name[1234567890]=1, the server's CPU and memory usage will soar, and the OOM killer will be triggered eventually. This vulnerability was caused by the following code:
revel/binder.go, lines 210 to 277 in a3d7a7c
When the function above is invoked, Revel will calculate the `maxIndex` from the user's input, and thus the attacker could make the `maxIndex` as large as possible. When `reflect.MakeSlice` is called, Golang will allocate as much memory as the `maxIndex` needs.
A possible solution for this vuln is to specify the upper bound of the `maxIndex` in the code or config file. Before the problem is fixed, please avoid using the slices parameter feature.
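As an added illustration of the mitigation discussed in this issue (example code, not Revel's own binder), the fragment below mirrors the index-driven slice binding described above but caps the index it will accept: `maxIndexBound`, `parseIndex` and `bindStringSlice` are assumed names, and `make` stands in for `reflect.MakeSlice`. A key such as `name[1234567890]` is dropped and reported instead of deciding the allocation size.

```go
package main

import (
	"strconv"
	"strings"
)

// maxIndexBound is an assumed cap on the index accepted from a request parameter.
const maxIndexBound = 1000

// parseIndex returns n for a key shaped like name[n] or name[n].sub, else -1.
func parseIndex(name, key string) int {
	if !strings.HasPrefix(key, name+"[") {
		return -1
	}
	idxStr, _, ok := strings.Cut(key[len(name)+1:], "]")
	n, err := strconv.Atoi(idxStr)
	if !ok || err != nil || n < 0 {
		return -1
	}
	return n
}

// bindStringSlice sizes the result by the largest index in params, as an
// index-driven binder does, but drops and reports any index above the bound
// instead of letting it decide the allocation size.
func bindStringSlice(name string, params map[string][]string) (out, skipped []string) {
	maxIndex := -1
	values := map[int]string{}
	for key, vals := range params {
		idx := parseIndex(name, key)
		if idx < 0 || len(vals) == 0 {
			continue
		}
		if idx > maxIndexBound {
			skipped = append(skipped, key) // log and ignore, as the fix discussion proposes
			continue
		}
		if idx > maxIndex {
			maxIndex = idx
		}
		values[idx] = vals[0]
	}
	out = make([]string, maxIndex+1) // stands in for reflect.MakeSlice(typ, maxIndex+1, maxIndex+1)
	for i, v := range values {
		out[i] = v
	}
	return out, skipped
}
```

The block has no `main`; call `bindStringSlice` from a test or your own handler with the parsed query values.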