Tested and this does appear to both address the DoS as well as reduce memory usage for "excessive" range requests…
+1 for adding this no matter what.

On Aug 24, 2011, at 7:38 PM, Stefan Fritsch wrote:

> On Thursday 25 August 2011, Greg Ames wrote:
>> On Wed, Aug 24, 2011 at 5:16 PM, Stefan Fritsch <s...@sfritsch.de> wrote:
>>> I have another idea: Instead of using apr_brigade_partition write
>>> a new function ap_brigade_copy_part that leaves the original
>>> brigade untouched. It would copy the necessary buckets to a new
>>> brigade and then split the first and last of those copied
>>> buckets as necessary and destroy the excess buckets. AFAICS,
>>> this would reduce the quadratic growth into linear. Do you think
>>> that would solve our problems?
>>
>> How does apr_brigade_partition contribute to quadratic growth?
>> Does the original brigade end up with a lot of one byte buckets?
>
> Yes, it splits the buckets in the original brigade, creating up to two
> new buckets for every range. These split one-byte buckets are then
> copied again for each of the subsequent ranges.
>
> The attached PoC patch does not change the original brigade and seems
> to fix the DoS for me. It needs some more work and some review for
> integer overflows, though. (apr_brigade_partition does some
> interesting things there).
>
> <range-linear.diff>
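
Added illustration, not part of the thread and not the attached range-linear.diff: a toy C model of the bucket counting described above, comparing per-range splitting of the shared brigade with splitting only a private copy. `struct brigade`, `partition`, `buckets_copied` and the constructed overlapping ranges are assumptions of this model, not APR or httpd code.

```c
#include <stdio.h>
#include <string.h>

#define MAXB 2048   /* capacity of the toy brigade */
/* Toy brigade: ordered bucket lengths only (a model, not APR's structures). */
struct brigade { long len[MAXB]; int n; };

/* Ensure a bucket boundary at `off` (splitting if needed); return its index. */
static int partition(struct brigade *b, long off)
{
    long pos = 0;
    for (int i = 0; i < b->n; i++) {
        if (pos == off) return i;
        if (off < pos + b->len[i]) {          /* off is inside bucket i */
            memmove(b->len + i + 2, b->len + i + 1, (b->n - i - 1) * sizeof(long));
            b->len[i + 1] = pos + b->len[i] - off;
            b->len[i] = off - pos;
            b->n++;
            return i + 1;
        }
        pos += b->len[i];
    }
    return b->n;                              /* off is at or past the end */
}

/* Buckets sent for the constructed overlapping ranges [0,0], [0,1], ...
 * split_original=1 partitions the shared brigade; 0 splits a private copy. */
long buckets_copied(long size, int nranges, int split_original)
{
    struct brigade orig = { .len = { size }, .n = 1 }, work;
    long total = 0;
    if (nranges < 0 || nranges > MAXB - 2) return -1;
    for (int i = 0; i < nranges; i++) {
        work = orig;                          /* original stays untouched */
        struct brigade *b = split_original ? &orig : &work;
        int first = partition(b, 0);
        int last = partition(b, (long)i + 1);
        total += last - first;                /* earlier splits count again */
    }
    return total;
}

int main(void)
{
    for (int n = 10; n <= 1000; n *= 10)
        printf("%4d ranges: shared %ld, copy %ld\n", n,
               buckets_copied(1L << 20, n, 1), buckets_copied(1L << 20, n, 0));
    return 0;
}
```

In this model the shared-brigade total grows as n(n+1)/2 buckets for n ranges, while the private-copy total stays at n.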