Security: Limit address book size to limit memory usage #3162

Merged
merged 5 commits into from
Dec 6, 2021

@teor2345 teor2345 commented Dec 6, 2021

Motivation

Zebra's address book has no size limit, so malicious peers can make it take up all available memory.

Closes #1873.

Solution

  • set the address book size limit so that our peer address responses are full, and our limit is less than the typical number of peer addresses
  • enforce the address book size limit whenever we insert a new peer
  • add tests for the address book size limit

Review

@oxarbitrage can review this PR.

Reviewer Checklist

  • Code implements Specs and Designs
  • Tests for Expected Behaviour
  • Tests for Errors

@teor2345 teor2345 added the P-Medium, C-security (Category: Security issues), I-unbounded-growth (Zebra keeps using resources, without any limit) and A-network (Area: Network protocol updates or fixes) labels Dec 6, 2021
@teor2345 teor2345 requested a review from oxarbitrage December 6, 2021 07:52
@teor2345 teor2345 self-assigned this Dec 6, 2021
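
The insert-time size limit described in the PR description above, as an added example that is not part of the PR or of Zebra's code. The type and function names, the cap value and the least-recently-seen eviction policy are assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::net::SocketAddr;

/// Hypothetical cap; the PR text does not state the value Zebra uses.
const MAX_ADDRS: usize = 1_000;

/// Address book that checks its size on every insert (hypothetical type).
struct BoundedAddressBook {
    limit: usize,
    /// Peer address -> last-seen time in seconds.
    by_addr: HashMap<SocketAddr, u64>,
}

impl BoundedAddressBook {
    fn new(limit: usize) -> Self {
        Self { limit, by_addr: HashMap::new() }
    }

    /// Inserts or refreshes a peer; returns the entry evicted to stay in bounds.
    fn insert(&mut self, addr: SocketAddr, last_seen: u64) -> Option<SocketAddr> {
        // Refreshing a known peer never grows the map; keep the newest time.
        if let Some(seen) = self.by_addr.get_mut(&addr) {
            *seen = (*seen).max(last_seen);
            return None;
        }
        self.by_addr.insert(addr, last_seen);
        if self.by_addr.len() <= self.limit {
            return None;
        }
        // Assumed policy: evict the least recently seen entry (ties by address).
        let oldest = self.by_addr.iter()
            .min_by_key(|(a, seen)| (**seen, **a))
            .map(|(a, _)| *a)?;
        self.by_addr.remove(&oldest);
        Some(oldest)
    }

    fn len(&self) -> usize { self.by_addr.len() }
}

/// Constructed flood: `n` distinct addresses gossiped by one peer.
fn flood(book: &mut BoundedAddressBook, n: u16) -> usize {
    for i in 0..n {
        let addr = SocketAddr::from(([10, 0, (i >> 8) as u8, i as u8], 8233));
        book.insert(addr, u64::from(i));
    }
    book.len()
}

fn main() {
    println!("entries after flood: {}", flood(&mut BoundedAddressBook::new(MAX_ADDRS), 10_000));
}
```

The linear scan on eviction keeps the example short; a real implementation would likely keep an ordered index so that a full book does not cost O(n) per insert.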

@oxarbitrage oxarbitrage left a comment

LGTM

@oxarbitrage oxarbitrage merged commit 332afc1 into main Dec 6, 2021
@oxarbitrage oxarbitrage deleted the limit-address-book-size branch December 6, 2021 19:09
Successfully merging this pull request may close these issues.

Security: Zebra's address book can use all available memory