Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hotdog should not crash on oversized log lines when TLS is enabled #31

Open
rtyler opened this issue May 25, 2020 · 2 comments
Open

Hotdog should not crash on oversized log lines when TLS is enabled #31

rtyler opened this issue May 25, 2020 · 2 comments
Labels
blocked This issue is blocked by an external condition bug Something isn't working

Comments

@rtyler
Copy link
Member

rtyler commented May 25, 2020

Based on the investigation from #1, there is a potential denial of service attack (intentional or not) when sending oversized lines to the daemon.

The better behavior is to disconnect the peer.
@rtyler rtyler added the bug Something isn't working label May 25, 2020
@rtyler rtyler self-assigned this May 25, 2020
@rtyler
Copy link
Member Author

rtyler commented May 25, 2020

Oversized being 64k in #1, which is a silly-big log line to be sending

@rtyler rtyler changed the title Hotdog should not crash on oversized log lines Hotdog should not crash on oversized log lines when TLS is enabled May 25, 2020
@rtyler
Copy link
Member Author

rtyler commented May 25, 2020

Filed the reproduction case upstream, since it appears to be a bug in async-tls and async-std: async-rs/async-std#796

@rtyler rtyler removed their assignment May 25, 2020
@rtyler rtyler added the blocked This issue is blocked by an external condition label May 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked This issue is blocked by an external condition bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rtyler