Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

streams: limit error resets for misbehaving connections #737

Merged
merged 1 commit into from
Jan 17, 2024

Conversation

Noah-Kennedy
Copy link
Contributor

This change causes GOAWAYs to be issued to misbehaving connections which for one reason or another cause us to emit lots of error resets.

Error resets are not generally expected from valid implementations anyways.

The threshold after which we issue GOAWAYs is tunable, and will default to 1024.

This change causes GOAWAYs to be issued to misbehaving connections which for one reason or another cause us to emit lots of error resets.

Error resets are not generally expected from valid implementations anyways.

The threshold after which we issue GOAWAYs is tunable, and will default to 1024.
@seanmonstar seanmonstar merged commit 59570e1 into hyperium:master Jan 17, 2024
7 checks passed
@Noah-Kennedy Noah-Kennedy deleted the noah/limit-error-resets branch January 17, 2024 19:04
longbowlu added a commit to MystenLabs/sui that referenced this pull request Jan 17, 2024
## Description 

```
cargo deny check advisories
error[vulnerability]: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
    ┌─ /Users/luzhang/Workplaces/sui/Cargo.lock:415:1
    │
415 │ h2 0.3.18 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0003
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0003
    = An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the
      generation of reset frames on the victim endpoint.
      By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion,
      resulting in Out Of Memory (OOM) and high CPU usage.

      This fix is corrected in [hyperium/h2#737](hyperium/h2#737), which limits the total number of
      internal error resets emitted by default before the connection is closed.
    = Solution: Upgrade to ^0.3.24 OR >=0.4.2 (try `cargo update -p h2`)
    = h2 v0.3.18

```

## Test Plan 

cargo deny check advisories


---
If your changes are not user-facing and do not break anything, you can
skip the following section. Otherwise, please briefly describe what has
changed under the Release Notes section.

### Type of Change (Check all that apply)

- [ ] protocol change
- [ ] user-visible impact
- [ ] breaking change for a client SDKs
- [ ] breaking change for FNs (FN binary must upgrade)
- [ ] breaking change for validators or node operators (must upgrade
binaries)
- [ ] breaking change for on-chain data layout
- [ ] necessitate either a data wipe or data migration

### Release notes
Desiki-high added a commit to Desiki-high/nydus that referenced this pull request Jan 18, 2024
ID: RUSTSEC-2024-0003
Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0003
An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the
generation of reset frames on the victim endpoint.
By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion,
resulting in Out Of Memory (OOM) and high CPU usage.

This fix is corrected in [hyperium/h2#737](hyperium/h2#737), which limits the total number of
internal error resets emitted by default before the connection is closed.

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
imeoer pushed a commit to dragonflyoss/nydus that referenced this pull request Jan 18, 2024
ID: RUSTSEC-2024-0003
Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0003
An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the
generation of reset frames on the victim endpoint.
By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion,
resulting in Out Of Memory (OOM) and high CPU usage.

This fix is corrected in [hyperium/h2#737](hyperium/h2#737), which limits the total number of
internal error resets emitted by default before the connection is closed.

Signed-off-by: Yadong Ding <ding_yadong@foxmail.com>
wlmyng pushed a commit to MystenLabs/sui that referenced this pull request Jan 19, 2024
## Description 

```
cargo deny check advisories
error[vulnerability]: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
    ┌─ /Users/luzhang/Workplaces/sui/Cargo.lock:415:1
    │
415 │ h2 0.3.18 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0003
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0003
    = An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the
      generation of reset frames on the victim endpoint.
      By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion,
      resulting in Out Of Memory (OOM) and high CPU usage.

      This fix is corrected in [hyperium/h2#737](hyperium/h2#737), which limits the total number of
      internal error resets emitted by default before the connection is closed.
    = Solution: Upgrade to ^0.3.24 OR >=0.4.2 (try `cargo update -p h2`)
    = h2 v0.3.18

```

## Test Plan 

cargo deny check advisories


---
If your changes are not user-facing and do not break anything, you can
skip the following section. Otherwise, please briefly describe what has
changed under the Release Notes section.

### Type of Change (Check all that apply)

- [ ] protocol change
- [ ] user-visible impact
- [ ] breaking change for a client SDKs
- [ ] breaking change for FNs (FN binary must upgrade)
- [ ] breaking change for validators or node operators (must upgrade
binaries)
- [ ] breaking change for on-chain data layout
- [ ] necessitate either a data wipe or data migration

### Release notes
ryanfrishkorn added a commit to ryanfrishkorn/weather-rs that referenced this pull request Feb 2, 2024
See h2 crate security pull request
hyperium/h2#737
ryanfrishkorn added a commit to ryanfrishkorn/morpha that referenced this pull request Feb 2, 2024
See h2 security pull request:
hyperium/h2#737
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants