Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:89468 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 41058 invoked from network); 27 Nov 2015 16:12:12 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Nov 2015 16:12:12 -0000 Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.194 as permitted sender) X-PHP-List-Original-Sender: nikita.ppv@gmail.com X-Host-Fingerprint: 209.85.160.194 mail-yk0-f194.google.com Received: from [209.85.160.194] ([209.85.160.194:34659] helo=mail-yk0-f194.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F0/09-04444-BD088565 for ; Fri, 27 Nov 2015 11:12:11 -0500 Received: by ykay124 with SMTP id y124so10634076yka.1 for ; Fri, 27 Nov 2015 08:12:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=s2moX7CKABsARD3x9iXlZ71wq79XrOmv0PTaGLYzBk8=; b=SNi2mY+vrkdkZQc9wo6ArhI3iTrzDftOcfdXdVyE7tSYBtvK9vX3t96OQuAv/iI67z 1feXoTd668/zh9gInAuC963r+ubsrdFGjieUWfgZMW8ygO5tvO5pw8PCGUjhB7bhShYF 5iXGbExrr//nErllEBHLT7UY6YSgLe3KdP6EAMIPGkCn5FFyBwmFAdc+28QzUgDJlHCq clxQcC9rhn3d5XQibvAsM/1y4ngRI4zqa4DX/XLZqSj2nbFWIXTbMTpIulNdSgR5jGIC 0o1u3QsNWLBJuxPYqycqCFePgZrbCB1TC0VMubndN/2LqBnfXQQ3avQMpccji5JRqJmy 1zxg== MIME-Version: 1.0 X-Received: by 10.129.102.131 with SMTP id a125mr31370863ywc.139.1448640728871; Fri, 27 Nov 2015 08:12:08 -0800 (PST) Received: by 10.13.248.130 with HTTP; Fri, 27 Nov 2015 08:12:08 -0800 (PST) In-Reply-To: References: Date: Fri, 27 Nov 2015 17:12:08 +0100 Message-ID: To: Niklas Keller Cc: PHP internals Content-Type: multipart/alternative; boundary=001a114904a80d3c3c052587f46c Subject: Re: [PHP-DEV] HashDos protection From: nikita.ppv@gmail.com (Nikita Popov) --001a114904a80d3c3c052587f46c Content-Type: text/plain; charset=UTF-8 On Thu, Nov 26, 2015 at 8:35 PM, Niklas Keller wrote: > Would this be a catchable Error (implementing Throwable) or a real fatal? > Having a real fatal could lead to a DOS in Aerys as you'd be able to crash > workers with carefully crafted input variables then. > It would be a real fatal error. Throwing an exception in this place would be problematic, as we're inserting into hashtables all over the place and not all of these places are exception-safe. Many places also make the reasonable assumption that (normal) insert operations always succeed. You are correct in saying that this approach would mean that you can now easily trigger a fatal error in an application that was previously susceptible to HashDos (and likely also in some that previously were not). In most cases this should not be a problem, however for Aerys and likely other daemons a fatal error implies losing all connections on the current worker. This may effectively be worse than a HashDos attack. The only thing I can think to offer here is to make the collision number threshold ini configurable, so you would have the ability to effectively disable this protection. In that case you'd have to manually perform size checks in the right places if you wish to protect against HashDos. I'm fine with having a solution that only works for the 99% of applications, until such a time, if ever, as we can feasibly implement one of the alternative schemes that would cover all possible scenarios. Nikita --001a114904a80d3c3c052587f46c--