rubyamf / rocketamf


Abused to_sym can get the server easily attacked when deserializing data from the client #9

Closed: asinbow closed this 11 years ago

asinbow commented 12 years ago

We are using rocketamf on our server to serialize data from a remote client, which is the most common case, but have found it could be easily attacked by abusing String::to_sym.

Files:

  - lib/rocketamf/pure/deserializer.rb => to_sym
  - ext/rocketamf_ext/deserializer.c => rb_str_intern

As it is, rocketamf will convert every key in an object to a sym, but in Ruby the memory of a symbol is never released. So when a client transfers malicious data to the server, our server will certainly get DoS attacked.

Possible solutions:

  1. No longer use to_sym, only strings as keys. Some old code using rocketamf will not work.
  2. to_sym only if the symbol already exists. This may be a good solution, but sometimes makes something unexpected.
  3. Give an extra argument for deserializing AMF objects.
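The following is an added example, not rocketamf's own code, of what options 2 and 3 above look like in a deserializer's key handling: keys from the client are interned only when they match an allowlist the application already knows, symbolization is opt-in through an explicit argument, and a per-object key cap is applied as defence in depth. The names `safe_key`, `coerce_keys` and `KNOWN_KEYS` are assumptions for illustration; the hostile payload in `demo` is constructed.

```ruby
require 'set'

# Added example (not rocketamf's code): hardened handling of object keys
# received from an untrusted client. safe_key, coerce_keys and KNOWN_KEYS
# are illustrative names, not rocketamf's API.

# Constructed allowlist: only the keys the application really reads get interned.
KNOWN_KEYS = Set.new(%w[id name email created_at]).freeze

# Issue option 2: intern a key only when it is already a known symbol;
# anything else stays a String, so hostile keys never enter the symbol table.
def safe_key(raw, known = KNOWN_KEYS)
  key = raw.to_s
  known.include?(key) ? key.to_sym : key
end

# Issue option 3: the caller opts into symbolization with an explicit argument;
# the default keeps every key as a String (issue option 1).
# max_keys caps the size of any single decoded object as defence in depth.
def coerce_keys(obj, symbolize: false, known: KNOWN_KEYS, max_keys: 1_000)
  case obj
  when Hash
    raise ArgumentError, "object has #{obj.size} keys, limit is #{max_keys}" if obj.size > max_keys
    obj.each_with_object({}) do |(k, v), out|
      key = symbolize ? safe_key(k, known) : k.to_s
      out[key] = coerce_keys(v, symbolize: symbolize, known: known, max_keys: max_keys)
    end
  when Array
    obj.map { |v| coerce_keys(v, symbolize: symbolize, known: known, max_keys: max_keys) }
  else
    obj
  end
end

# Demonstration on a constructed payload with thousands of never-seen keys,
# the shape of input that would bloat the symbol table under blanket to_sym.
# Returns [keys left as Strings, growth of Symbol.all_symbols during decoding].
def demo(count = 10_000)
  hostile = Hash[(1..count).map { |i| ["junk_#{i}", i] }]
  coerce_keys({ "name" => "warm-up" }, symbolize: true) # warm-up: exclude one-off interpreter symbols
  before = Symbol.all_symbols.size
  out = coerce_keys(hostile, symbolize: true, max_keys: count)
  after = Symbol.all_symbols.size
  [out.keys.count { |k| k.is_a?(String) }, after - before]
end

if __FILE__ == $PROGRAM_NAME
  strings, growth = demo
  puts "keys kept as String: #{strings}, new symbols created: #{growth}"
end
```

Running the file directly prints how many of the hostile keys stayed Strings and how much the symbol table grew while decoding them. Since Ruby 2.2, symbols created at runtime with to_sym are garbage collected, which removes the unbounded growth described above for that path; the allowlist and the size cap still keep attacker-chosen names out of the interned set and bound the work done per object.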