W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Header compression: buffer management

From: James M Snell <jasnell@gmail.com>
Date: Thu, 21 Mar 2013 12:45:24 -0700
Message-ID: <CABP7RbdL=cV2qSMBA3Me65T8tGaU3p9F5Wc690Jqk7q8xk_=iw@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>, ietf-http-wg@w3.org
I've briefly looked at this and it definitely is a challenge.  With delta,
we at least have the benefit of allowing the decompressor to set an upper
bound on stored state size,  but even that can be problematic under heavy
load and does not completely resolve the issue.  For instance,  a malicious
client could potentially send hundreds of junk headers frames intentionally
designed to make the decompressor do significant extra work managing it's
internal buffers.  If the intermediary blindly passes such requests
through,  it will likely end up double buffering the junk data causing even
more issues.  It is obvious that fairly aggressive defensive techniques are
going to be required to watch for bad behavior and compensate. On the plus
side,  a delta decompressor could simply choose to throw up its hands and
give up doing any buffer management, simply passing values through...
Which,  of course just passes the problem on to someone else.
On Mar 21, 2013 9:51 AM, "Poul-Henning Kamp" <phk@phk.freebsd.dk> wrote:

> In message <6C71876BDCCD01488E70A2399529D5E5163F39C4@ADELE.crf.canon.fr>,
> AN Herve writes:
> >In HeaderDiff we chose to let the encoder decide how the buffer is managed
> >(regarding additions and removals). These decisions are encoded on the
> wire
> > and applied by the decoder on its own buffer. We think this choice has
> > several advantages.
> Has this been analysed from a denial-of-service perspective ?
> Anything in the protocol where the client can cause memory allocation
> on the server/proxy/whatever, should be scrutinized in a DoS perspective.
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 21 March 2013 19:45:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:10 UTC