Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96127
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 79917 invoked from network); 23 Sep 2016 22:21:49 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Sep 2016 22:21:49 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.66 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.218.66 mail-oi0-f66.google.com  
Received: from [209.85.218.66] ([209.85.218.66:36137] helo=mail-oi0-f66.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 4E/B5-51000-BFAA5E75 for <internals@lists.php.net>; Fri, 23 Sep 2016 18:21:49 -0400
Received: by mail-oi0-f66.google.com with SMTP id i193so9690804oib.3
        for <internals@lists.php.net>; Fri, 23 Sep 2016 15:21:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:cc:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-transfer-encoding;
        bh=PbnRQXxaarGC38IFPopVOn6tFGPrsIG2QxIox13QQHU=;
        b=S4p3ZaRbMst3nFu8hVt8vXkTYC0hRCh1dCW/glS1Pf1DOxSxf5wl3TYhIjwz2LdwyL
         oN0y/WK7uys6yShBKQdXtotE0GHZ60Bmt7PYoUFd9qEEbZY/LBx5Nnz24iJTfGBpYbSw
         aHKGUYGn9a0rCkd+OsaSLuHNLT+MPTdk6eFcotxqXtdYE3QtWth3PGBeYTSKXVJYCUIi
         N09JtQxHz+0EROhNUcm3dA6PxdTygDOyTFfH2n5OnBxP5zi3SM2v8uVgPAljBjDWu1KA
         tRoZHbX1y4hjWlA9TjyN+3TJaC3oV7E4rP6+VxZAaPccAdJLKzJS1wBzpIOqAuJQUhwe
         9O6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:subject:to:references:cc:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding;
        bh=PbnRQXxaarGC38IFPopVOn6tFGPrsIG2QxIox13QQHU=;
        b=M428lHqcMiUhaRwtkFrYL7QARpSRPLGujz1+UTYoRlupvnF86bjKkPFf+y33H6RGQq
         MLOcEaEuL4t76nAGvEVcpAE8cMzQ3bQU6w1bsa1nbvqMv+X0uFVq6ex80YAVNqZ1/mIP
         b7BF4PcRUOCVwhTVVdoIemU6aVo1OMs9dswenHUg2PaedAqz4aVp3R04jNzhMtkhQVU9
         RS0JpyirxaiV2es4kon6dOqs7WLQCHJ0AQL+w7Ok2ecdz0FMKO8ZVc7PSPkydpaXIoqx
         NsLxEtG+4Tp0lOUg8muxwlxoOZ6XK2wF66J8NLK52YI9tRUhz3enMaCjNVNYdllFFd9w
         mD1Q==
X-Gm-Message-State: AE9vXwOWZq8rktOSQOXsbI5pZZMjtwMjJss0zD9XaZ9dnlPsQ6eOIKTtLyg2hXkJvS1UUA==
X-Received: by 10.202.4.21 with SMTP id 21mr13719695oie.91.1474669304796;
        Fri, 23 Sep 2016 15:21:44 -0700 (PDT)
Received: from [192.168.2.102] (108-233-206-104.lightspeed.sntcca.sbcglobal.net. [108.233.206.104])
        by smtp.gmail.com with ESMTPSA id x26sm2805023otd.18.2016.09.23.15.21.43
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 23 Sep 2016 15:21:44 -0700 (PDT)
To: Jakub Zelenka <bukka@php.net>
References: <CAKws9z2EWkNNhM7tOMh-_pQ3iLjVj7hbXTB1Hh3a19utPzj-9A@mail.gmail.com>
 <edeb9734-a3d4-bd96-f57c-fa1687473e1b@gmail.com>
 <CAF+90c9HTpxtY8zeKoOfjdQXTkrVQSw8fb9Ws0-Qs_xmJtttZw@mail.gmail.com>
 <9ce33625-2737-9933-7dd1-4f7930bccfac@gmail.com>
 <CAEKnhAGg829gi7uEBimZqdd-cTvAn4a1HmjDfEoYeLO93_L2wQ@mail.gmail.com>
 <9b0fcfa7-f4f8-bac3-5e1e-7e974f217a94@gmail.com>
 <CAEKnhAF9XGsLqHU5H9aKDA=jWA5iD1ou8UwOX0=OpAC8tnzXdQ@mail.gmail.com>
 <5acaa405-8b76-ce00-1380-614f2f83b549@gmail.com>
 <CAEKnhAG50eG4RQSRjoZGFkSF_as1DZN5OrBWadyQG-chHDuVhw@mail.gmail.com>
 <d430f3ce-38fe-bfd8-95a0-d78132f9985d@gmail.com>
 <BLU437-SMTP86FE3BC2E445E56074B889E2C90@phx.gbl>
 <e176001f-0ab7-6d6c-adfe-8d4a31f1337b@gmail.com>
 <BLU437-SMTP5652D9C5B9D2AC92E4505DE2C80@phx.gbl>
 <b653d6cd-1c3a-f531-4e4f-ccebeefbd3c3@gmail.com>
 <CAEKnhAHM4k4w2g0cxiNM-RH=_mvWjm8a-m7jdCL63SEvjRYQsg@mail.gmail.com>
 <67e0478d-534a-1f8a-6b4c-a95573784001@gmail.com>
 <CAEKnhAFhdFdG3v2NpSRqwm3GuVLe=u=LV1bU7Rh+9F6Pjh=R+g@mail.gmail.com>
Cc: Bob Weinand <bobwei9@hotmail.com>,
 PHP internals list <internals@lists.php.net>
Message-ID: <7426fb32-2eb7-2c65-3cc2-140e16187bb1@gmail.com>
Date: Fri, 23 Sep 2016 15:21:29 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <CAEKnhAFhdFdG3v2NpSRqwm3GuVLe=u=LV1bU7Rh+9F6Pjh=R+g@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] HashDoS
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> I think there is a confusion about the "servers written in PHP". Those
> applications serves more requests in a single (main) PHP request using
> the even loop. Good examples of that are Aerys or ReactPHP. So we don't
> want to kill that main request if one of the handled requests is
> malicious (ideally we just ignore that malicious request and server others).

That can't work well. PHP makes a lot of assumptions in short-lived
requests, and assuming the same request lives forever is bound to cause
a lot of issues - from stale objects sitting around to unoptimal memory
use to eventual overflows in all kinds of counters, etc. Why not use
real servers for server work?
You yourself say you'll have it behind nginx or so - so why not let
nginx do the server part?

We have several hundred places in PHP where fatal error (E_ERROR or
E_CORE_ERROR) can be produced. Of course, some of them are compile-time
but not all of them. E.g., various string overflow scenarios can be
triggered by combining or processing strings (such as uncompressing or
decoding various formats). If you server relies on proxy to filter out
all fatal error scenarios, I'm afraid it's much harder than it seems.

I of course do not propose to make nginx filter JSON data. On the
contrary, I propose when we have clearly malicious DoS attempt (like
string overflow or hash collision overflow) to fail fast instead of
trying to make right and playing whack-a-mole. We have enough fails in
this are already.

-- 
Stas Malyshev
smalyshev@gmail.com