Node.js Remote Memory Leakage Vulnerability

Source: Internet
Author: User

Recently, a vulnerability was found in the ws module that allows a user to allocate memory simply by sending a ping data frame. This vulnerability will reject data sending requests and invalidate the ping data frame function. Before that, the data frame load will be increased.
 


 
In fact, this is the specific manifestation of the vulnerability. However, in the module, ws usually converts all the data we want to send into a buffer in memory. This is where the vulnerability exists: the type of the data to be sent is not checked. When a number is passed in Node.js, a buffer of that many bytes is allocated for it instead of the space needed for its string form, thus increasing the memory load.
var x = new Buffer(100); // a number: allocates a 100-byte buffer
//
var x = new Buffer('20140901'); // a string: the buffer holds the bytes of the string
For data with only three valid bytes, the system allocates a storage space of 100 bytes. Therefore, when the server accepts a 1000-byte ping data frame, the system allocates the 100-byte data frame out of the previously uncleared 1000-byte space. This causes data confusion and leads to a memory storage vulnerability.
var ws = require('ws')
var server = new ws.Server({ port: 9000 })
var client = new ws('ws://localhost:9000')
client.on('open', function () {
  console.log('open')
  client.ping(50) // this makes the server return a non-zeroed buffer of 50 bytes
  client.on('pong', function (data) {
    console.log('got pong')
    console.log(data) // a non-zeroed out allocated buffer returned from the server
  })
})
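
The missing type check described above, shown as an added example that is not code from the ws module or from the original page: the unchecked conversion next to a hardened one that never uses caller-supplied data as an allocation size. The function names are hypothetical, `Buffer.allocUnsafe` is assumed here as a stand-in for the legacy `new Buffer(number)` behaviour, and the 125-byte cap is the control-frame payload limit from RFC 6455.

```javascript
// Added illustration; function names are hypothetical, not ws internals.

// RFC 6455: control frames (ping/pong/close) carry at most 125 payload bytes.
const MAX_CONTROL_PAYLOAD = 125

// Models the unchecked conversion: a number is treated as a size, so the
// payload becomes that many bytes of uninitialized memory.
// Assumption: Buffer.allocUnsafe stands in for the legacy `new Buffer(n)`.
function unsafeToPayload (data) {
  if (typeof data === 'number') return Buffer.allocUnsafe(data)
  return Buffer.from(data)
}

// Hardened conversion: the type is checked first, a number is sent as its
// decimal text, and nothing supplied by the caller is used as a size.
function safeToPayload (data) {
  if (typeof data === 'number') data = String(data)
  if (typeof data === 'string') data = Buffer.from(data, 'utf8')
  if (!Buffer.isBuffer(data)) {
    throw new TypeError('payload must be a string, number or Buffer')
  }
  if (data.length > MAX_CONTROL_PAYLOAD) {
    throw new RangeError('control frame payload exceeds 125 bytes')
  }
  return data
}

// Side-by-side result for one input value.
function compare (value) {
  return {
    unsafeLength: unsafeToPayload(value).length,
    safeLength: safeToPayload(value).length,
    safeText: safeToPayload(value).toString('utf8')
  }
}

console.log(compare(50)) // constructed input, same value as the ping above
```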
 
There are two factors that slightly mitigate the impact of this vulnerability:
1. Any modern operating system kernel clears a memory page before handing it to a process, so that it can hold new data entering memory. This means that only previously used memory pages and data pages released by the node process will be leaked.
2. Node.js creates some large internal buffers in JavaScript and divides these large buffers into many small usable blocks to manage the storage space. Because of the impact of discarded data, these blocks are not stored on the V8 engine. The advantage of this is that only data on memory pages previously allocated as a buffer will be leaked.
 
