user/dev discussion of public-inbox itself
 help / color / mirror / code / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download mbox.gz: |
* [PATCH 0/3] http: some DoS prevention
@ 2016-03-06  2:09  6% Eric Wong
  2016-03-06  2:09  7% ` [PATCH 3/3] http: reject excessively large HTTP request bodies Eric Wong
  0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2016-03-06  2:09 UTC (permalink / raw)
  To: meta

Since public-inbox-httpd is may face untrusted clients directly
without a reverse proxy like haproxy/nginx; we should have some
basic protection to avoid DoS attacks involving excessive
resource use.

Eric Wong (3):
      http: reject excessive headers
      http: ensure errors are printable before PSGI env
      http: reject excessively large HTTP request bodies

 lib/PublicInbox/HTTP.pm | 23 ++++++++++++++++++++---
 t/httpd-corner.t        | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 3 deletions(-)

^ permalink raw reply	[relevance 6%]

* [PATCH 3/3] http: reject excessively large HTTP request bodies
  2016-03-06  2:09  6% [PATCH 0/3] http: some DoS prevention Eric Wong
@ 2016-03-06  2:09  7% ` Eric Wong
  0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2016-03-06  2:09 UTC (permalink / raw)
  To: meta; +Cc: Eric Wong

We cannot risk using all of a users' disk space buffering
gigantic requests.  Use the defaults git gives us since
we primarily host git repositories.
---
 lib/PublicInbox/HTTP.pm | 13 +++++++++++++
 t/httpd-corner.t        | 21 +++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm
index 15db139..0675f6a 100644
--- a/lib/PublicInbox/HTTP.pm
+++ b/lib/PublicInbox/HTTP.pm
@@ -24,6 +24,12 @@ use constant {
 	CHUNK_MAX_HDR => 256,
 };
 
+# Use the same configuration parameter as git since this is primarily
+# a slow-client sponge for git-http-backend
+# TODO: support per-respository http.maxRequestBuffer somehow...
+our $MAX_REQUEST_BUFFER = $ENV{GIT_HTTP_MAX_REQUEST_BUFFER} ||
+			(10 * 1024 * 1024);
+
 my $null_io = IO::File->new('/dev/null', '<');
 my $http_date;
 my $prev = 0;
@@ -232,6 +238,10 @@ sub input_prepare {
 	my $input = $null_io;
 	my $len = $env->{CONTENT_LENGTH};
 	if ($len) {
+		if ($len > $MAX_REQUEST_BUFFER) {
+			quit($self, 413);
+			return;
+		}
 		$input = IO::File->new_tmpfile;
 	} elsif (env_chunked($env)) {
 		$len = CHUNK_START;
@@ -306,6 +316,9 @@ sub event_read_input_chunked { # unlikely...
 		if ($len == CHUNK_START) {
 			if ($$rbuf =~ s/\A([a-f0-9]+).*?\r\n//i) {
 				$len = hex $1;
+				if (($len + -s $input) > $MAX_REQUEST_BUFFER) {
+					return quit($self, 413);
+				}
 			} elsif (length($$rbuf) > CHUNK_MAX_HDR) {
 				return quit($self, 400);
 			}
diff --git a/t/httpd-corner.t b/t/httpd-corner.t
index 8670846..59f37aa 100644
--- a/t/httpd-corner.t
+++ b/t/httpd-corner.t
@@ -97,6 +97,27 @@ my $spawn_httpd = sub {
 	like($head, qr/\b400\b/, 'got 400 response');
 }
 
+{
+	my $conn = conn_for($sock, 'excessive body Content-Length');
+	$SIG{PIPE} = 'IGNORE';
+	my $n = (10 * 1024 * 1024) + 1;
+	$conn->write("PUT /sha1 HTTP/1.0\r\nContent-Length: $n\r\n\r\n");
+	ok($conn->read(my $buf, 8192), 'read response');
+	my ($head, $body) = split(/\r\n\r\n/, $buf);
+	like($head, qr/\b413\b/, 'got 413 response');
+}
+
+{
+	my $conn = conn_for($sock, 'excessive body chunked');
+	$SIG{PIPE} = 'IGNORE';
+	my $n = (10 * 1024 * 1024) + 1;
+	$conn->write("PUT /sha1 HTTP/1.1\r\nTransfer-Encoding: chunked\r\n");
+	$conn->write("\r\n".sprintf("%x\r\n", $n));
+	ok($conn->read(my $buf, 8192), 'read response');
+	my ($head, $body) = split(/\r\n\r\n/, $buf);
+	like($head, qr/\b413\b/, 'got 413 response');
+}
+
 # Unix domain sockets
 {
 	my $u = IO::Socket::UNIX->new(Type => SOCK_STREAM, Peer => $upath);
-- 
EW


^ permalink raw reply related	[relevance 7%]

Results 1-2 of 2 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2016-03-06  2:09  6% [PATCH 0/3] http: some DoS prevention Eric Wong
2016-03-06  2:09  7% ` [PATCH 3/3] http: reject excessively large HTTP request bodies Eric Wong

Code repositories for project(s) associated with this public inbox

	https://80x24.org/public-inbox.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).