No way to limit memory usage
shahn opened this issue
bincode allows limiting the memory usage of deserialized objects, and async-bincode should probably provide a facility for this as well. Without it, attackers are able to consume up to 8GB of RAM (2 * 2^32 bytes: once for the buffer, once for the deserialized message).
In addition, on 32bit platforms, the calculation of the needed buffer size is prone to an overflow. As far as I can see, this is not actually problematic as it just causes the deserialization to fail. The memory exhaustion attack due to being unable to limit memory consumed for buffers is probably the worse vector on these platforms.
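To make the two problems in the report concrete, here is an added example (not code from this thread or from async-bincode) of a length-prefixed frame decoder in the unbounded shape described above, next to a bounded one. It assumes a 4-byte big-endian `u32` length prefix and a `MAX_FRAME_LEN` of 1 MiB; both are choices made for the example, not async-bincode's actual framing or a recommended value. The bounded version checks the untrusted length against the limit before any allocation and uses checked arithmetic for the header addition, which is what would otherwise wrap on a 32-bit host.

```rust
use std::convert::TryFrom;

/// Frame-size ceiling for this example (assumed value; a real service would
/// pick it per deployment). Anything larger is rejected before allocation.
pub const MAX_FRAME_LEN: usize = 1 << 20; // 1 MiB

/// Header width: a 4-byte big-endian length prefix (assumed framing).
const HEADER: usize = 4;

#[derive(Debug, PartialEq)]
pub enum FrameError {
    /// Declared length exceeds the limit; rejected before any allocation.
    TooLarge(u32),
    /// Header + declared length does not fit in usize (possible on 32-bit).
    Overflow(u32),
    /// Not enough bytes yet; the caller should read more and retry.
    Incomplete,
}

/// Encode `payload` as one length-prefixed frame (used to build test input).
pub fn encode_frame(payload: &[u8]) -> Vec<u8> {
    let len = u32::try_from(payload.len()).expect("payload too large for u32 prefix");
    let mut out = Vec::with_capacity(HEADER + payload.len());
    out.extend_from_slice(&len.to_be_bytes());
    out.extend_from_slice(payload);
    out
}

/// The unbounded decoder: the shape of the bug in the report. `len` is
/// attacker-controlled, `with_capacity` reserves it unconditionally (up to
/// 4 GiB per frame), and on a 32-bit target `HEADER + len` can wrap around.
pub fn decode_frame_unbounded(buf: &[u8]) -> Result<(Vec<u8>, usize), FrameError> {
    if buf.len() < HEADER {
        return Err(FrameError::Incomplete);
    }
    let len = u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]) as usize;
    let mut payload = Vec::with_capacity(len); // attacker-chosen reservation
    let total = HEADER + len; // may overflow on 32-bit hosts
    if buf.len() < total {
        return Err(FrameError::Incomplete);
    }
    payload.extend_from_slice(&buf[HEADER..total]);
    Ok((payload, total))
}

/// The bounded decoder: limit check on the raw u32 first, then checked
/// arithmetic, and only then a copy. Memory per frame is capped by `max_len`.
pub fn decode_frame(buf: &[u8], max_len: usize) -> Result<(Vec<u8>, usize), FrameError> {
    if buf.len() < HEADER {
        return Err(FrameError::Incomplete);
    }
    let len = u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]);
    // 1. Reject oversized frames before any conversion or allocation.
    if u64::from(len) > max_len as u64 {
        return Err(FrameError::TooLarge(len));
    }
    // 2. Checked header arithmetic. With a sane max_len this cannot fire; it
    //    is what protects the 32-bit case where `HEADER + len` would wrap.
    let total = usize::try_from(len)
        .ok()
        .and_then(|l| l.checked_add(HEADER))
        .ok_or(FrameError::Overflow(len))?;
    // 3. Only now wait for, and copy, the payload.
    if buf.len() < total {
        return Err(FrameError::Incomplete);
    }
    Ok((buf[HEADER..total].to_vec(), total))
}

fn main() {
    let frame = encode_frame(b"hello");
    println!("{:?}", decode_frame(&frame, MAX_FRAME_LEN));
    // Constructed hostile input: declared length 0xFFFF_FFFF, one byte of body.
    let hostile = [0xFF, 0xFF, 0xFF, 0xFF, 0x00];
    println!("{:?}", decode_frame(&hostile, MAX_FRAME_LEN));
}
```

The order of the checks is the point: the limit is applied to the declared length, not to the bytes actually received, so a peer cannot make the reader reserve memory it has not yet sent, and bounding `len` first is also what keeps the subsequent header addition in range on 32-bit targets. Do not run `decode_frame_unbounded` on the hostile header; it will try to reserve 4 GiB.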
That seems reasonable! I'd be happy to take a PR 👍
My idea was to use the bincode config struct, but that currently lacks a getter for the set limit. bincode-org/bincode#598 is about implementing that, but it will need to wait for bincode 2 to be released. I guess there are three options: a) use a custom limit implementation (and don't expose a way to change endianness etc. in async-bincode); b) add the ability to provide a bincode Options but don't use the limit before bincode 2; or c) do b) but also put in a manual way to set a limit.
Do you have a preference?
I'd prefer for us to have our own copy of that type rather than re-using that of bincode, so that we don't have a bincode type in our public API (which would tie us to their major versions).