Issue E. Denial of Service by Uploading Lots of Header Lines
At 2014-04-23 11:54:27 Arturo Filastò wrote: By uploading megabytes of headers, an attacker can consume the server's CPU.
Technical Details
In oonib/testhelpers/http_helpers.py, the SimpleHTTPChannel has two unbounded buffers: self.headers (the list of headers) and self.__header (the latest header line). Twisted limits the length of each line, but the latest header can be extended indefinitely.
Each extension line takes time linear in len(self.__header), adding up to time superlinear in the number of lines. In an experiment on a laptop, with just this line of code isolated, after a megabyte of ' \n' repeated as input it was taking about 0.1 milliseconds of CPU per extra byte of input.
Remediation
Change the code to bound the length of self.__header and to enforce the currently unused maxHeaders limit on self.headers. Also, use += or string.join to concatenate strings, so that the total time is linear instead of superlinear.
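As an added illustration (example code written for this page, not oonib's SimpleHTTPChannel, so the function names, the limit names and their default values are assumptions rather than oonib settings), here is the unbounded accumulation pattern the issue describes beside a bounded version that applies the remediation: fragments are collected in a list and joined once per header, the running length is checked before each continuation line is stored, and the header count is capped.

```python
"""Header-line accumulation with and without bounds.

Illustrative example added to this issue page; it is not oonib's
SimpleHTTPChannel and does not reproduce its code. parse_headers_unbounded()
mimics the pattern the issue describes, parse_headers_bounded() applies the
remediation. The limit names and defaults are assumptions, not oonib settings.
"""
import time


class HeaderLimitExceeded(Exception):
    """Raised when a header grows past max_header_length or there are too many."""


def parse_headers_unbounded(lines):
    """Unbounded version: a continuation line (leading SP or HT, RFC 2616
    header folding) is glued onto the header being built by rebuilding the
    whole string, so each continuation costs O(len(header)) and a run of n
    continuation lines costs O(n^2). Neither the header length nor the
    number of headers is capped, so memory also grows with attacker input."""
    headers = []
    header = ''
    for line in lines:
        if line == '':
            break                   # blank line ends the header block
        if line[:1] in (' ', '\t'):
            header = header + line  # copies the accumulated header every time
        else:
            if header:
                headers.append(header)
            header = line
    if header:
        headers.append(header)
    return headers


def _flush(headers, parts, max_headers):
    """Join the fragments of a finished header and store it, capping the count."""
    if not parts:
        return
    if len(headers) >= max_headers:
        raise HeaderLimitExceeded('more than %d headers' % max_headers)
    headers.append(''.join(parts))


def parse_headers_bounded(lines, max_header_length=8192, max_headers=100):
    """Bounded version: fragments of the current header are kept in a list and
    joined once when the header is complete (linear overall), the running
    length is checked against max_header_length before a fragment is stored,
    and the header count is checked against max_headers."""
    headers = []
    parts = []      # fragments of the header currently being built
    length = 0      # bytes accumulated in parts
    for line in lines:
        if line == '':
            break
        if line[:1] in (' ', '\t'):
            if not parts:
                raise ValueError('continuation line before any header')
            length += len(line)
        else:
            _flush(headers, parts, max_headers)
            parts = []
            length = len(line)
        if length > max_header_length:
            raise HeaderLimitExceeded('header longer than %d bytes' % max_header_length)
        parts.append(line)
    _flush(headers, parts, max_headers)
    return headers


def rejects(lines, **limits):
    """True if the bounded parser refuses the input because a limit was hit."""
    try:
        parse_headers_bounded(lines, **limits)
    except HeaderLimitExceeded:
        return True
    return False


def time_parser(parser, n_continuations):
    """Seconds taken to parse one header followed by n one-byte continuation lines."""
    lines = ['X-Folded: a'] + [' '] * n_continuations  # constructed attacker input
    start = time.time()
    try:
        parser(lines)
    except HeaderLimitExceeded:
        pass
    return time.time() - start


if __name__ == '__main__':
    for n in (10000, 20000, 40000):
        print('%6d continuation lines: unbounded %.3fs, bounded %.3fs' % (
            n, time_parser(parse_headers_unbounded, n),
            time_parser(parse_headers_bounded, n)))
```

Running the module times both parsers on a growing run of one-byte continuation lines: the unbounded parser's time roughly quadruples each time the line count doubles, while the bounded parser stops as soon as the accumulated header passes max_header_length. Bounding the count as well as the length matters because without it an attacker can still send max_header_length bytes per header for an unlimited number of headers.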
This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/304