On Wed, Apr 26, 2017 at 09:48:12AM +0200, Michal Privoznik wrote:
On 04/25/2017 04:06 PM, Daniel P. Berrange wrote:
> On Tue, Apr 25, 2017 at 09:22:51AM +0200, Michal Privoznik wrote:
>> Dear list,
>>
> I see three possible options (besides ignoring it)
>
> - Turn off the keepalive somehow when we want to pause reading from
> the stream
>
> - Somehow introduce stream "chunking". eg assume a chunk size of 10 MB
> is somehow enabled. The server would send 10 MB, and then not send
> any more data until the client issued a "continue" message of some
> kind, whereupon a further 10 MB is permitted to be sent.
This could work. But what I am worried about is that this relies on the
other side playing nicely. IOW the attack surface is still the same.
If the client receives more than 10 MB without it having sent the
"continue" message, then it is justified in just dropping the connection,
so I think that avoids the attack from malicious server.
BTW: I've done testing the other way when iohelper is slow. In
this case
the connection dies due to keepalive.
Right, so to solve it we would need the chunking in both directions.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|