Re: Header compression: buffer management
"Poul-Henning Kamp" <phk@phk.freebsd.dk> Fri, 22 March 2013 07:40 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95BA921F902F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 22 Mar 2013 00:40:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ns8jVIIjQ1x8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 22 Mar 2013 00:40:20 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 84A3A21F902E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 22 Mar 2013 00:40:20 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UIwZ5-0006F4-5R for ietf-http-wg-dist@listhub.w3.org; Fri, 22 Mar 2013 07:39:03 +0000
Resent-Date: Fri, 22 Mar 2013 07:39:03 +0000
Resent-Message-Id: <E1UIwZ5-0006F4-5R@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1UIwYt-0006BE-Km for ietf-http-wg@listhub.w3.org; Fri, 22 Mar 2013 07:38:51 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <phk@phk.freebsd.dk>) id 1UIwYp-0006IO-9G for ietf-http-wg@w3.org; Fri, 22 Mar 2013 07:38:51 +0000
Received: from critter.freebsd.dk (critter.freebsd.dk [192.168.61.3]) by phk.freebsd.dk (Postfix) with ESMTP id 1DB898A521; Fri, 22 Mar 2013 07:38:26 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.6/8.14.6) with ESMTP id r2M7cOHG002941; Fri, 22 Mar 2013 07:38:25 GMT (envelope-from phk@phk.freebsd.dk)
To: James M Snell <jasnell@gmail.com>
cc: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>, ietf-http-wg@w3.org
In-reply-to: <CABP7RbdL=cV2qSMBA3Me65T8tGaU3p9F5Wc690Jqk7q8xk_=iw@mail.gmail.com>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <6C71876BDCCD01488E70A2399529D5E5163F39C4@ADELE.crf.canon.fr> <1818.1363884575@critter.freebsd.dk> <CABP7RbdL=cV2qSMBA3Me65T8tGaU3p9F5Wc690Jqk7q8xk_=iw@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Date: Fri, 22 Mar 2013 07:38:24 +0000
Message-ID: <2940.1363937904@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-4.7
X-W3C-Hub-Spam-Report: AWL=-2.195, RP_MATCHES_RCVD=-2.497
X-W3C-Scan-Sig: maggie.w3.org 1UIwYp-0006IO-9G db78a7135356437e0af2e698d9cd87be
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Header compression: buffer management
Archived-At: <http://www.w3.org/mid/2940.1363937904@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17112
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
In message <CABP7RbdL=cV2qSMBA3Me65T8tGaU3p9F5Wc690Jqk7q8xk_=iw@mail.gmail.com> , James M Snell writes: >I've briefly looked at this and it definitely is a challenge. With delta, >we at least have the benefit of allowing the decompressor to set an upper >bound on stored state size, but even that can be problematic under heavy >load and does not completely resolve the issue. For instance, a malicious >client could potentially send hundreds of junk headers frames intentionally >designed to make the decompressor do significant extra work managing it's >internal buffers. Any request-response protocol is more or less vulnerable in this respect. There are basically two things you can do to mitigate: 1) Severely circumscribe the first request on a connection. This vastly increases the attackers cost of attack and makes sure that the server can scrutinize the first request for signs of malicious behaviour. 2) Make sure that the first request becomes available progressively to enable similar heuristics on the fly. I think #1 is far preferable to #2, as a matter of usability for the people writing the non-client code, but if done right #2 is a workable solution. One way to implement #1 is to specify that the first request, however encoded, compressed or serialized, cannot be bigger than N bytes on the wire. For instance setting N to 8192. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
- Header compression: buffer management RUELLAN Herve
- Re: Header compression: buffer management Amos Jeffries
- Re: Header compression: buffer management Poul-Henning Kamp
- Re: Header compression: buffer management James M Snell
- Re: Header compression: buffer management Roberto Peon
- Re: Header compression: buffer management Poul-Henning Kamp
- Re: Header compression: buffer management Poul-Henning Kamp
- RE: Header compression: buffer management RUELLAN Herve
- RE: Header compression: buffer management RUELLAN Herve