|
3 | 3 | "qhelp.dtd"> |
4 | 4 | <qhelp> |
5 | 5 |
|
6 | | -<overview> |
| 6 | + <overview> |
7 | 7 |
|
8 | | - Applications are constrained by how many resources they can make use |
9 | | - of, failing to respect these constraints may cause the application to |
10 | | - be unresponsive or crash. It is therefore be problematic if attackers |
11 | | - can control the sizes or lifetimes of allocated objects. |
| 8 | + <p> |
12 | 9 |
|
13 | | -</overview> |
| 10 | + Applications are constrained by how many resources they can make use |
| 11 | + of, failing to respect these constraints may cause the application to |
| 12 | + be unresponsive or crash. It is therefore be problematic if attackers |
| 13 | + can control the sizes or lifetimes of allocated objects. |
14 | 14 |
|
15 | | -<recommendation> |
| 15 | + </p> |
16 | 16 |
|
17 | | - Ensure that attackers can not control object sizes and their |
18 | | - lifetimes. If object sizes and lifetimes must be controlled by |
19 | | - external parties, ensure to restrict the object sizes and lifetimes to |
20 | | - be within accptable ranges. |
| 17 | + </overview> |
21 | 18 |
|
22 | | -</recommendation> |
| 19 | + <recommendation> |
23 | 20 |
|
24 | | -<example> |
| 21 | + <p> |
25 | 22 |
|
26 | | - The following example allocates a buffer with a user-controlled |
27 | | - size. |
| 23 | + Ensure that attackers can not control object sizes and their |
| 24 | + lifetimes. If object sizes and lifetimes must be controlled by |
| 25 | + external parties, ensure to restrict the object sizes and lifetimes to |
| 26 | + be within accptable ranges. |
28 | 27 |
|
29 | | - <sample src="examples/ResourceExhaustion_buffer.js" /> |
| 28 | + </p> |
30 | 29 |
|
31 | | - This is problematic since an attacker can choose a size |
32 | | - that makes the application run out of memory. Even worse, in older |
33 | | - versions of Node.js, this could leak confidential memory. |
| 30 | + </recommendation> |
34 | 31 |
|
35 | | - To prevent such attacks, limit the buffer size: |
| 32 | + <example> |
36 | 33 |
|
37 | | - <sample src="examples/ResourceExhaustion_buffer_fixed.js" /> |
| 34 | + <p> |
38 | 35 |
|
39 | | -</example> |
| 36 | + The following example allocates a buffer with a user-controlled |
| 37 | + size. |
40 | 38 |
|
41 | | -<example> |
| 39 | + </p> |
42 | 40 |
|
43 | | - As another example, consider an application that allocates an |
44 | | - array with a user-controlled size, and then fills it with values: |
| 41 | + <sample src="examples/ResourceExhaustion_buffer.js" /> |
45 | 42 |
|
46 | | - <sample src="examples/ResourceExhaustion_array.js" /> |
| 43 | + <p> |
47 | 44 |
|
48 | | - The allocation of the array itself is not problematic since arrays are |
49 | | - allocated sparsely, but the subsequent filling of the array will take |
50 | | - a long time, causing the application to be unresponsive, or even run |
51 | | - out of memory. |
| 45 | + This is problematic since an attacker can choose a size |
| 46 | + that makes the application run out of memory. Even worse, in older |
| 47 | + versions of Node.js, this could leak confidential memory. |
52 | 48 |
|
53 | | - Again, a limit on the size will prevent the attack: |
| 49 | + To prevent such attacks, limit the buffer size: |
54 | 50 |
|
55 | | - <sample src="examples/ResourceExhaustion_array_fixed.js" /> |
| 51 | + </p> |
56 | 52 |
|
57 | | -</example> |
| 53 | + <sample src="examples/ResourceExhaustion_buffer_fixed.js" /> |
58 | 54 |
|
59 | | -<example> |
| 55 | + </example> |
60 | 56 |
|
61 | | - Finally, the following example lets a user choose delay after |
62 | | - which a function is executed: |
| 57 | + <example> |
63 | 58 |
|
64 | | - <sample src="examples/ResourceExhaustion_timeout.js" /> |
| 59 | + <p> |
65 | 60 |
|
66 | | - This is problematic because a large delay essentially makes the |
67 | | - application wait indefinitely before executing the function. Repeated |
68 | | - registrations of such delays will therefore use up all of the memory |
69 | | - in the application. |
| 61 | + As another example, consider an application that allocates an |
| 62 | + array with a user-controlled size, and then fills it with values: |
70 | 63 |
|
71 | | - Again, a limit on the delay will prevent the attack: |
| 64 | + </p> |
72 | 65 |
|
73 | | - <sample src="examples/ResourceExhaustion_timeout_fixed.js" /> |
| 66 | + <sample src="examples/ResourceExhaustion_array.js" /> |
74 | 67 |
|
| 68 | + <p> |
| 69 | + The allocation of the array itself is not problematic since arrays are |
| 70 | + allocated sparsely, but the subsequent filling of the array will take |
| 71 | + a long time, causing the application to be unresponsive, or even run |
| 72 | + out of memory. |
75 | 73 |
|
76 | | -</example> |
| 74 | + Again, a limit on the size will prevent the attack: |
77 | 75 |
|
78 | | -<references> |
| 76 | + </p> |
79 | 77 |
|
80 | | -</references> |
| 78 | + <sample src="examples/ResourceExhaustion_array_fixed.js" /> |
| 79 | + |
| 80 | + </example> |
| 81 | + |
| 82 | + <example> |
| 83 | + |
| 84 | + <p> |
| 85 | + |
| 86 | + Finally, the following example lets a user choose delay after |
| 87 | + which a function is executed: |
| 88 | + |
| 89 | + <sample src="examples/ResourceExhaustion_timeout.js" /> |
| 90 | + |
| 91 | + This is problematic because a large delay essentially makes the |
| 92 | + application wait indefinitely before executing the function. Repeated |
| 93 | + registrations of such delays will therefore use up all of the memory |
| 94 | + in the application. |
| 95 | + |
| 96 | + Again, a limit on the delay will prevent the attack: |
| 97 | + |
| 98 | + <sample src="examples/ResourceExhaustion_timeout_fixed.js" /> |
| 99 | + |
| 100 | + </p> |
| 101 | + |
| 102 | + </example> |
| 103 | + |
| 104 | + <references> |
| 105 | + |
| 106 | + </references> |
81 | 107 |
|
82 | 108 | </qhelp> |
0 commit comments