
Re: [hybi] WS framing alternative



Jamie Lokier wrote:

> Result: Because of assumptions, 0xff bytes will be sent occasionally
> in the middle of a frame.  Everything afterwards will break, but it'll
> be rare enough that the author doesn't notice.  For the same reason
> you've explained authors get lengths wrong.
> 
> The sentinel approach does not solve this fragility problem, it merely
> shifts it around to a different place.

The sentinel approach also opens an easy attack vector. If user data
is sent, then tricking a poor implementation into sending a 0xFF
will allow packet insertion.

This is similar to CRLFCRLF insertion attacks that can happen
if user data is set unfiltered into an HTTP header and/or cookie.

Length framing avoids this vulnerability.

Note also that my proposal for a meta-data bit would allow
headers to be sent in one length frame and data in another, so
the CRLFCRLF sentinel would not be needed and that vulnerability
would also be avoided.


regards
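An added illustration of the point made in the reply above (example code, not part of the original message or of any WebSocket draft): a sentinel-terminated framer and a length-prefixed framer side by side, fed the same user data that happens to contain the 0xFF sentinel byte. The 4-byte length prefix is an assumed layout chosen for clarity, not the draft's wire format.

```python
import struct

SENTINEL = 0xFF  # end-of-frame marker in the sentinel scheme discussed above

def sentinel_encode(payload: bytes) -> bytes:
    # Naive encoder: it trusts that the payload never contains the sentinel.
    return payload + bytes([SENTINEL])

def sentinel_decode(stream: bytes) -> list:
    # Split the byte stream at every 0xFF; each piece is taken as one frame.
    frames, current = [], bytearray()
    for b in stream:
        if b == SENTINEL:
            frames.append(bytes(current))
            current = bytearray()
        else:
            current.append(b)
    return frames

def length_encode(payload: bytes) -> bytes:
    # Assumed layout: 4-byte big-endian length followed by the payload bytes.
    return struct.pack(">I", len(payload)) + payload

def length_decode(stream: bytes) -> list:
    # Consume complete frames only; an incomplete trailing frame waits for more bytes.
    frames, pos = [], 0
    while pos + 4 <= len(stream):
        (n,) = struct.unpack(">I", stream[pos:pos + 4])
        if pos + 4 + n > len(stream):
            break
        frames.append(stream[pos + 4:pos + 4 + n])
        pos += 4 + n
    return frames

def compare(user_data: bytes) -> tuple:
    # Frame one message both ways and return the frame list each decoder yields.
    return (sentinel_decode(sentinel_encode(user_data)),
            length_decode(length_encode(user_data)))

# Constructed sample: user data that happens to contain the sentinel byte.
CONSTRUCTED = b"hello\xffinjected"

if __name__ == "__main__":
    sent, lenf = compare(CONSTRUCTED)
    print("sentinel framing:", sent)  # two frames: b'hello', b'injected'
    print("length framing:  ", lenf)  # one intact frame
```

The sentinel decoder turns the single message into two frames, which is the packet insertion the reply describes; the length-prefixed decoder returns the payload intact because the data bytes are never interpreted as delimiters.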
