Skip to content
This repository has been archived by the owner on Jul 24, 2021. It is now read-only.

API 0.6: DoS on malformed diff upload request #1568

Closed
openstreetmap-trac opened this issue Jul 23, 2021 · 2 comments
Closed

API 0.6: DoS on malformed diff upload request #1568

openstreetmap-trac opened this issue Jul 23, 2021 · 2 comments

Comments

@openstreetmap-trac
Copy link

Reporter: ivansanchez[at]escomposlinux.org
[Submitted to the original trac issue database at 2.46pm, Sunday, 8th February 2009]

I'm using the Rails port rev. 13597 (2008-02-08) in a test environment. I can hang up the rails server by uploading a well-formed but empty changeser.

How to reproduce: upload an empty osmChange file to a malformed URL. The URL has to be one of a changeset upload, but with a null changeset. Note the '//':
POST http://(user):(passwd)@localhost:3000/api/0.6/changeset//upload

Any of the following examples will do:

<osmChange version='0.6' generator='php_bulk_uploader'><create version='0.6' generator='php_bulk_uploader'></create></osmChange>

<osmChange version='0.6' generator='php_bulk_uploader'></osmChange>

<osmChange version='0.6' generator='php_bulk_uploader'><delete version='0.6' generator='php_bulk_uploader'></delete></osmChange>

<osmChange version='0.6' generator='php_bulk_uploader'><modify version='0.6' generator='php_bulk_uploader'></modify></osmChange>

Interestingly enough, this won't trigger the bug:

The ruby process seems to enter an infinite loop and waste 100% CPU. I consider this bug to be a potential DoS attack on the API servers.

@openstreetmap-trac
Copy link
Author

Author: ivansanchez[at]escomposlinux.org
[Added to the original trac issue at 3.45pm, Sunday, 8th February 2009]

Note to self: use the "preview" button when using trac.

@openstreetmap-trac
Copy link
Author

Author: Matt
[Added to the original trac issue at 4.35pm, Sunday, 8th February 2009]

Fixed in r13602.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant