|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: Text request/response spanning - security issue?> This isn't a timeout issue at all Okay, I guess I was sidetracked by "wait indefinitely " in your note. > and none of them may have a 0x00 in it's payload Since we define the max key size in chapter 4, I take it that you are concerned about very long lists causing buffer overruns even while each of the options being within legal size limits? I haven't checked the draft, but it appears that this may need clarification. -- Mallikarjun Mallikarjun Chadalapaka Networked Storage Architecture Network Storage Solutions Organization Hewlett-Packard MS 5668 Roseville CA 95747 cbm@rose.hp.com ----- Original Message ----- From: "Luben Tuikov" <luben@splentec.com> To: "Mallikarjun C." <cbm@rose.hp.com> Cc: "iSCSI" <ips@ece.cmu.edu> Sent: Thursday, March 28, 2002 5:40 PM Subject: Re: iSCSI: Text request/response spanning - security issue? > "Mallikarjun C." wrote: > > > > The expectation is that implementations will set the right timeouts > > to detect and get out of these conditions. The state transitions > > (chapter 5) allow these timeouts as legal events that could cause a > > Login failure. Also take a look at section 6.8, which deals with > > timeouts in text negotiations. > > This isn't a timeout issue at all (but it is a DoS attack). > > The Text Requests can come at the right time, > and none of them may have a 0x00 in it's payload > to indicate end of key=value pair. This will > drain the node's memory. > > There needs to be a limitaion (somehow) on how long > a key=value could ever be (spanning or not). > Negotiated or not. > > "Buffer overrun" rings a bell. > > -- > Luben >
Home Last updated: Thu Mar 28 23:18:13 2002 9374 messages in chronological order |