On 23/01/17 13:05, Markus Laker wrote:
On Monday, 23 January 2017 at 10:44:50 UTC, Shachar Shemesh wrote:
Of course, if, instead of 50% we increase by less (say, 20%), we could
reuse previously used memory even sooner.

Yes, you're right, of course: expansion of strings and other arrays is a
classic time-versus-space trade-off.  However, expanding strings more
slowly is a much bigger change than I have the D experience or
credentials to suggest.  And I don't think it really solves the problem:
it just requires the attacker to wait another few seconds for /dev/zero
to deliver enough data to fill up memory.  A simple length-check in
readln, in contrast, would prevent an attacker from flooding us with
data in the first place.

Markus

It would mean we consume an order of magnitude of the amount of memory the "attacker" sends.

There is a huge difference between "I send an unterminated string 2GB long, and it takes 2GB of memory, causing trouble", and "I send an unterminated string 2GB long, and it takes 4GB of memory, causing trouble".

The second is a problem. The first might be obvious and/or benign, depending on the use case.

Shachar
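As an added example, not code from this thread or from D's standard library (the thread discusses D's readln; this is a Python sketch with names of my own), here is the kind of length-checked readln Markus proposes, alongside a small calculator for the reallocation amplification Shachar describes:

```python
import io

class LineTooLong(ValueError):
    """Raised as soon as an incoming line would exceed the configured cap."""

def bounded_readln(stream, max_len=1 << 20, chunk=4096):
    """Read one newline-terminated line from a binary stream, buffering at
    most max_len bytes of content (the 1 MiB default is a constructed value).
    Returns the line without its terminator, or b'' at end of stream.
    Raises LineTooLong the moment the cap is exceeded, so an unterminated
    flood (e.g. piped from /dev/zero) never grows the buffer past the cap."""
    parts, total = [], 0
    while True:
        # readline(n) returns at most n bytes and stops after a newline;
        # never request more than the remaining budget plus one byte, the
        # extra byte being either the terminator or the proof of overflow.
        piece = stream.readline(min(chunk, max_len - total + 1))
        if not piece:                      # EOF: hand back what we have
            return b"".join(parts)
        total += len(piece)
        if piece.endswith(b"\n"):
            parts.append(piece[:-1])
            return b"".join(parts)
        if total > max_len:
            raise LineTooLong(f"line exceeds {max_len} bytes")
        parts.append(piece)

def readln_bytes(data, max_len):
    """Convenience wrapper: first line of `data`, or None if it breaches the cap."""
    try:
        return bounded_readln(io.BytesIO(data), max_len=max_len)
    except LineTooLong:
        return None

def peak_bytes_with_growth(final_len, factor):
    """Peak bytes held while a buffer grows geometrically by `factor` and each
    reallocation copies old into new (both live at once). This is the
    amplification in the thread: growing more slowly changes the multiplier,
    but only a length check bounds the input itself."""
    cap, peak = 1, 1
    while cap < final_len:
        new_cap = max(cap + 1, int(cap * factor))
        peak = max(peak, cap + new_cap)
        cap = new_cap
    return peak

if __name__ == "__main__":
    flood = b"\0" * (8 << 20)              # constructed 8 MiB unterminated input
    print(readln_bytes(flood, max_len=4096))   # None: rejected after ~4 KiB buffered
    print(peak_bytes_with_growth(len(flood), 1.5), peak_bytes_with_growth(len(flood), 2.0))
```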