search

tempesta-tech / tempesta-test

Test suite for Tempesta FW
10 stars 4 forks source link

test OOM by slow read attack #618

Open kingluo opened 2 months ago

kingluo commented 2 months ago

part of https://github.com/tempesta-tech/tempesta-test/issues/612

CVE-2019-9511 “Data Dribble” CVE-2019-9517 “Internal Data Buffering”

Both attacks accumulate big responses from the backend which causes OOM.

~The strange thing is, keepalive_timeout does not help, it does not reset or fin the TCP connection. For example, in “Internal Data Buffering”, the keepalive timer only stops the TCP retransmits from tempesta but does not reset the connection. I need to look into this more.~

kingluo commented 2 months ago

There are two workarounds for this issue:

  1. keepalive_timeout will send a FIN, so the downstream connection will be closed after the timeout, and the large response body received from the upstream will be discarded, so OOM is avoided.

  2. set http_body_len frang limit.

But IMO, the perfect solution may be to support buffering: https://github.com/tempesta-tech/tempesta/issues/498

I think it also fixes #1715.