jsip / JSIP-387

Stack robustness is weak with TCP

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Robustness tests show various problems cleaning up TCP connections and overflow issues. Will report them individually in this issue.

        Activity

        vralev added a comment -

        The first change is about disconnecting the TCP socket as soon as we see that the remote side sends malformed requests.
        The second change is to limit the maximum line length, especially before the Content-Length header, because it is a common overflow attack to fill the headers with garbage. The limit is maxMessageSize/2.
        The third change is to limit the Alert-Info headers, which are parsed differently, to something reasonable like 30 headers.
        The fourth change is to limit the length of the Content-Length header itself - garbage in this header can overflow.

        vralev added a comment - Linked to http://code.google.com/p/mobicents/issues/detail?id=2669&q=reporter%3Ame&colspec=ID%20Priority%20Component%20Milestone%20MSPS%20SLEE%20SubComponent%20Version%20Release%20Type%20Status%20Owner%20Summary
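
The four limits described in the first comment above, sketched as an added Java example; this is not the JAIN-SIP patch or any project code. The class and method names, the 9-digit cap on the Content-Length value, the 4096-byte maxMessageSize and the sample messages are assumptions constructed for illustration, and header folding is not handled.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

// Added illustration: all names here are hypothetical, not JAIN-SIP's own API.
public class BoundedSipHeaderReader {
    static final int MAX_ALERT_INFO = 30;          // limit named in the comment
    static final int MAX_CONTENT_LENGTH_CHARS = 9; // assumed cap; keeps parseInt within int range

    // Reads one line, failing as soon as it grows past maxLine characters.
    static String readLine(InputStream in, int maxLine) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; (c = in.read()) != -1; ) {
            if (c == '\n') return sb.toString();
            if (c != '\r') sb.append((char) c);
            if (sb.length() > maxLine) throw new IOException("line exceeds " + maxLine + " bytes");
        }
        throw new IOException("stream ended before end of line");
    }

    // Returns the declared body length. Any IOException means: stop parsing, close the socket.
    static int readHeaders(InputStream in, int maxMessageSize) throws IOException {
        int limit = maxMessageSize / 2, alertInfo = 0, contentLength = 0;
        readLine(in, limit); // start line, held to the same length cap
        String line;
        while (!(line = readLine(in, limit)).isEmpty()) {
            int colon = line.indexOf(':');
            if (colon <= 0) throw new IOException("malformed header line");
            String name = line.substring(0, colon).trim();
            String value = line.substring(colon + 1).trim();
            if (name.equalsIgnoreCase("Alert-Info") && ++alertInfo > MAX_ALERT_INFO)
                throw new IOException("too many Alert-Info headers");
            if (name.equalsIgnoreCase("Content-Length") || name.equalsIgnoreCase("l")) {
                if (value.isEmpty() || value.length() > MAX_CONTENT_LENGTH_CHARS
                        || !value.chars().allMatch(ch -> ch >= '0' && ch <= '9'))
                    throw new IOException("bad Content-Length value");
                contentLength = Integer.parseInt(value);
            }
        }
        return contentLength;
    }

    public static void main(String[] args) {
        // Constructed inputs: a well-formed request head and one with an oversized header line.
        String ok = "OPTIONS sip:example.invalid SIP/2.0\r\nContent-Length: 0\r\n\r\n";
        String padded = "OPTIONS sip:example.invalid SIP/2.0\r\nX-Pad: " + "A".repeat(5000) + "\r\n\r\n";
        for (String msg : new String[] { ok, padded }) {
            try (InputStream in = new ByteArrayInputStream(msg.getBytes(StandardCharsets.ISO_8859_1))) {
                System.out.println("accepted, body length " + readHeaders(in, 4096));
            } catch (IOException e) {
                System.out.println("rejected, close the connection: " + e.getMessage());
            }
        }
    }
}
```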

          People

          • Assignee:
            vralev
            Reporter:
            vralev
          • Votes:
            0
            Watchers:
            0