Preventing Denial of Service Attack In IPC Serialization
There are some problems that seem to have no good solution, and since
this is one of them, I decided to ask here rather than think too hard
about it myself. :)
I have a framework where I send strings between two nodes on a
network, serializing the strings through a Socket object:
socket << s;
The obvious implementation of serializing a string is to have the
source first send the count of characters in the string, then the
characters themselves. The target will allocate a buffer to hold
"count" characters, then fill in the buffer with the actual characters
as they arrive from the target.
An attacker can wreak havoc with this model by injecting bogus packets
into the network to arrive at the target and present a "count" as a
very large number, say, 100,000,000. The target will unwittingly
char *buffer = new char;
The attempt to allocate will either succeed or fail. If it succeeds,
100MB of virtual memory will be lost, which is, in a sense, worse than
if it fails.
I do have security mechanisms in my framework that eliminates this
problem, but there are scenarios where the user of my framework will
deliberately and necessarily choose not to enable the security
What then can I do to stop this problem?
I considered placing an artificial limit on allocation of memory for a
string or any other free-store-consuming object.
I also considered placing the entire thread that would invoke operator
new() on a kind of free-store limit, so that any attempt to breach
that limit would result in exception being thrown. Neither of these
solutions feel right.
My gut feeling is that I will eventually discover that no solution
feels right, but thought I would ask before giving up.
-Le Chaud Lapin-
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]