Node. js Remote Memory leakage Vulnerability

Node. js Remote Memory leakage Vulnerability

Recently, vulnerabilities have been found in the ws module that allows users to simply send ping data frames to allocate memory. This vulnerability will reject data sending requests and invalidate the ping data frame function. Before that, the data frame load will be increased.
 


 
In fact, this is the specific manifestation of the vulnerability. However, in the module, ws usually converts all the data we want to input into the memory. This is where the vulnerability exists. We did not check the type of the data to be sent. When you need to store a number in nide. js, this vulnerability will automatically allocate a large number of bytes of string space to the number, thus increasing the memory load.
Var x = new Buffer (100 );
//
Var x = new Buffer ('20140901 ');
For data with only three valid bytes, the system allocates a storage space of 100 bytes. Therefore, when the server needs to accept a 1000-byte ping data frame, the system will allocate the remaining space to the 100-byte data frame based on the previously uncleared 1000-byte space, this will cause data confusion and lead to memory storage vulnerabilities.
Var ws = require ('ws ')
Var server = new ws. Server ({port: 9000 })
Var client = new ws ('ws: // localhost: 9000 ')
Client. on ('open', function (){
Console. log ('open ')
Client. ping (50) // this makes the server return a non-zeroed buffer of 50 bytes
Client. on ('pong ', function (data ){
Console. log ('got pong ')
Console. log (data) // a non-zeroed out allocated buffer returned from the server
})
})
 
There are two factors that can slightly mitigate the impact of this vulnerability:
1. Any modern operating system kernel clears the original memory page before encapsulating the memory page as a process, so as to provide cache space for new data entering the memory. This means that only the previously used memory pages and Data Pages released by the node process will be leaked.
2. node. js generates some large internal buffers in JavaScipt and divides these large buffers into many small usable cache blocks to manage the storage space. Because of the impact of discarded data, these cache blocks are not stored on the V8 engine. The advantage of this is that only data on memory pages previously allocated as a buffer zone will be leaked.