Message187532
| Author |
nikratio |
| Recipients |
nikratio |
| Date |
2013年04月21日.22:05:07 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1366581907.51.0.777368903496.issue17813@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
The zlib Decompress.decompress has a max_length parameter that limits the size of the returned uncompressed data.
The lzma and bz2 decompress methods do not have such a parameter.
Therefore, it is not possible to decompress untrusted lzma or bz2 data without becoming susceptible to a DoS attack, as the attacker can force allocation of gigantic buffers by sending just a tiny amount of compressed data:
$ dd if=/dev/zero bs=128k count=10k | bzip2 -9 > nasty.bz2
10240+0 records in
10240+0 records out
1342177280 bytes (1.3 GB) copied, 11.0892 s, 121 MB/s
$ dir nasty.bz2
-rw-rw-r-- 1 nikratio nikratio 977 Apr 21 14:58 nasty.bz2
It would be great if the lzma and bz2 decompressor methods could also get a max_length parameters to make this situation less threatening. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2013年04月21日 22:05:07 | nikratio | set | recipients:
+ nikratio |
| 2013年04月21日 22:05:07 | nikratio | set | messageid: <1366581907.51.0.777368903496.issue17813@psf.upfronthosting.co.za> |
| 2013年04月21日 22:05:07 | nikratio | link | issue17813 messages |
| 2013年04月21日 22:05:07 | nikratio | create |
|