Thanks Ingela. I tried with your patch and it is working fine. Will run it whole day and let you know. Will this be part of official release?<br><br><div class="gmail_quote">On Wed, Jun 1, 2011 at 2:05 PM, Ingela Andin <span dir="ltr"><<a href="mailto:ingela.andin@gmail.com">ingela.andin@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi!<br>
<br>
Will the following patch make the problem go away?<br>
<br>
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl<br>
index f1c0073..ed57166 100644<br>
--- a/lib/ssl/src/ssl_record.erl<br>
+++ b/lib/ssl/src/ssl_record.erl<br>
@@ -62,6 +62,8 @@<br>
<br>
-compile(inline).<br>
<br>
+-define(INITIAL_BYTES, 5).<br>
+<br>
%%====================================================================<br>
%% Internal application API<br>
%%====================================================================<br>
@@ -368,8 +370,12 @@ get_tls_records_aux(<<1:1, Length0:15, _/binary>>,_Acc)<br>
?ALERT_REC(?FATAL, ?RECORD_OVERFLOW);<br>
<br>
get_tls_records_aux(Data, Acc) -><br>
- {lists:reverse(Acc), Data}.<br>
-<br>
+ case size(Data) =< ?MAX_CIPHER_TEXT_LENGTH + ?INITIAL_BYTES of<br>
+ true -><br>
+ {lists:reverse(Acc), Data};<br>
+ false -><br>
+ ?ALERT_REC(?FATAL, ?UNEXPECTED_MESSAGE)<br>
+ end.<br>
%%--------------------------------------------------------------------<br>
-spec protocol_version(tls_atom_version() | tls_version()) -><br>
tls_version() | tls_atom_version().<br>
<br>
<br>
Regards Ingela Erlang/OTP team - Ericsson AB<br>
<br>
<br>
2011/6/1 vinod hg <<a href="mailto:vinodhg@gmail.com">vinodhg@gmail.com</a>>:<br>
<div><div></div><div class="h5">> Hi,<br>
><br>
><br>
><br>
> I am using mochiweb as a https web server for my application (Secured socket<br>
> layer). I am new to security.<br>
><br>
> One of the users reported that sending random data to the web server port<br>
> makes beam.smp to consume 100% CPU indefinitely for a very long period.<br>
><br>
><br>
><br>
> Step to reproduce<br>
><br>
> 1. Start a mochiweb https server (can use mochiweb web storage app<br>
> example provided with no other options) on a specific port (ex: 8443 )<br>
><br>
> 2. Run the command “nc [IP address] 8443 < /dev/urandom”<br>
><br>
> 3. The server rejects the connection (you may get ssl record error<br>
> sometimes). The command returns to the shell<br>
><br>
> 4. Repeat the above command for some time till the command doesn’t<br>
> return back to shell.<br>
><br>
> 5. Observe beam.smp taking 100% CPU and also memory getting increase.<br>
> (It may reach system limit and crash)<br>
><br>
> 6. If you stop the command (nc ^C), it returns to normal<br>
><br>
><br>
><br>
> Observations<br>
><br>
> It is reproducible in both Linux and windows.<br>
><br>
> It happens for other https web server (tried with musultin)<br>
><br>
> It does not happen for http server (should be in lib ssl).<br>
><br>
> Tried giving different SSL options like {verify, verify_peer} with empty<br>
> certificate as valid, but did not help.<br>
><br>
> For other web servers written in other language this is not the behavior.<br>
> Example lighttpd (php) nc just returns back to shell everytime.<br>
><br>
><br>
><br>
><br>
><br>
> I debugged the issue to find that in other cases where the nc commands<br>
> return immediately to shell the ssl connection does not succeed (behaves<br>
> normally).<br>
><br>
> But for the case where nc does not return back, the call is in an infinite<br>
> loop “next_tls_record in ssl_connection.erl” , thus making the CPU to take<br>
> 100% and in memory increase.<br>
><br>
><br>
><br>
> This can lead denial of service attack. Is this a bug and should I raise it<br>
> in bug report forum.<br>
><br>
><br>
><br>
> Any help will be appreciated.<br>
><br>
> Thanks & Regards,<br>
><br>
> Vinod<br>
><br>
</div></div>> _______________________________________________<br>
> erlang-questions mailing list<br>
> <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
> <a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
><br>
><br>
</blockquote></div><br><br clear="all"><br>-- <br><div><br></div>Thanks & Regards,<br>Vinod H. G.<br>