[Twisted-Python] Protocol handlers are open to DoS attacks
Itamar Shtull-Trauring
lists at itamarst.org
Tue Sep 25 09:43:33 MDT 2001

In general, I've been noticing that the behaviour of protocols given illegal
inputs is problematic - no length limits, and garbage is raised as part of
exceptions.

Problem 1 leads to giant memory usage - a line receiver can receive MBs and
MBs of data it will happily buffer until it gets a line break. The other
problem leads to mucho garbage and exceptions in the log.

See protocols.basic.SafeNetstringReceiver to see how I solved it for
netstrings.

You can test both things in unix - run a webserver on port 8080, then:

# send infinite data
$ yes | netcat localhost 8080
# send garbage
$ cat /dev/urandom | netcat localhost 8080
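
The two problems described in the message above (unbounded line buffering, and raw input ending up in exceptions and logs), as an added example that is not part of the original post and is not Twisted code: a standalone line buffer that caps line length and reports only sizes. All names here (BoundedLineBuffer, LineTooLong, summarize, feed_until_rejected) are hypothetical, and the byte strings are constructed sample input.

```python
# Added example: standalone sketch, not Twisted code. All names are hypothetical.

class LineTooLong(Exception):
    """Reports only the offending size, never the peer's raw bytes."""
    def __init__(self, size, limit):
        super().__init__("line of %d+ bytes exceeds limit %d" % (size, limit))
        self.size = size


def summarize(data, keep=16):
    """Bounded, escaped description of untrusted bytes, safe for a log line."""
    return "%r (%d bytes total)" % (data[:keep], len(data))


class BoundedLineBuffer:
    """Splits a byte stream into lines and refuses to buffer without limit."""
    def __init__(self, max_length=16384, delimiter=b"\r\n"):
        self.max_length = max_length
        self.delimiter = delimiter
        self._buf = b""

    def feed(self, data):
        """Add received bytes and return the complete lines found so far."""
        self._buf += data
        lines = []
        while self.delimiter in self._buf:
            line, self._buf = self._buf.split(self.delimiter, 1)
            if len(line) > self.max_length:
                self._overflow(len(line))
            lines.append(line)
        # A partial line may end with part of the delimiter, hence the slack.
        if len(self._buf) > self.max_length + len(self.delimiter) - 1:
            self._overflow(len(self._buf))
        return lines

    def _overflow(self, size):
        self._buf = b""  # release the memory; the caller should drop the peer
        raise LineTooLong(size, self.max_length)


def feed_until_rejected(buf, chunk, max_chunks=1000):
    """Feed the same chunk repeatedly; return how many were accepted."""
    for accepted in range(max_chunks):
        try:
            buf.feed(chunk)
        except LineTooLong:
            return accepted
    return max_chunks
```

With a "\r\n" delimiter, the "y\n" stream produced by `yes` never completes a line, so without the cap the buffer would grow for as long as the peer keeps sending.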