Opened 9 years ago

Closed 9 years ago

#1568 closed defect (fixed)

API 0.6: DoS on malformed diff upload request

Reported by: ivansanchez@…
Owned by: tom@…
Priority: critical
Milestone: OSM 0.6
Component: admin
Version:
Keywords: API 0.6 xml changeset
Cc: Matt Amos <zerebubuth@…>

Description

I'm using the Rails port rev. 13597 (2008-02-08) in a test environment. I can hang up the rails server by uploading a well-formed but empty changeset.

How to reproduce: upload an empty osmChange file to a malformed URL. The URL has to be one of a changeset upload, but with a null changeset. Note the :
POST http://(user):(passwd)@localhost:3000/api/0.6/changeset//upload

Any of the following examples will do:

<osmChange version='0.6' generator='php_bulk_uploader'><create version='0.6' generator='php_bulk_uploader'></create></osmChange>

<osmChange version='0.6' generator='php_bulk_uploader'></osmChange>

<osmChange version='0.6' generator='php_bulk_uploader'><delete version='0.6' generator='php_bulk_uploader'></delete></osmChange>

<osmChange version='0.6' generator='php_bulk_uploader'><modify version='0.6' generator='php_bulk_uploader'></modify></osmChange>

Interestingly enough, this won't trigger the bug:

The ruby process seems to enter an infinite loop and waste 100% CPU. I consider this bug to be a potential DoS attack on the API servers.

Change History (2)

comment:1 Changed 9 years ago by ivansanchez@…

Note to self: use the "preview" button when using trac.

comment:2 Changed 9 years ago by Matt

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r13602.
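
An added example, not part of the ticket and not the change made in r13602: one way to reject the request from the description before any diff processing starts, by requiring a numeric changeset id in the path and an osmChange root containing only create, modify or delete blocks. The names validate_upload, UPLOAD_PATH and ACTIONS are hypothetical, and the sample payload is the empty osmChange quoted in the description.

```ruby
require "rexml/document"

# Hypothetical names throughout; this is not code from the Rails port.
# Anchored pattern: the changeset id must be one or more digits, so
# "/api/0.6/changeset//upload" can never reach the diff handler.
UPLOAD_PATH = %r{\A/api/0\.6/changeset/(\d+)/upload\z}
ACTIONS = %w[create modify delete].freeze

# Returns [http_status, message] for a diff upload request.
def validate_upload(method, path, body)
  return [405, "only POST is allowed"] unless method == "POST"

  m = UPLOAD_PATH.match(path)
  return [400, "missing or non-numeric changeset id"] unless m

  id = m[1].to_i
  return [400, "changeset id must be positive"] unless id.positive?

  begin
    doc = REXML::Document.new(body)
  rescue REXML::ParseException
    return [400, "body is not well-formed XML"]
  end

  root = doc.root
  unless root && root.name == "osmChange"
    return [400, "root element must be osmChange"]
  end

  # Only the three action blocks are accepted as children of the root.
  blocks = root.elements.to_a
  unknown = blocks.map(&:name) - ACTIONS
  return [400, "unknown action block: #{unknown.first}"] unless unknown.empty?

  [200, "changeset #{id}: #{blocks.size} action block(s)"]
end

if __FILE__ == $PROGRAM_NAME
  # Payload copied from the ticket description; paths are constructed.
  empty = "<osmChange version='0.6' generator='php_bulk_uploader'></osmChange>"
  ["/api/0.6/changeset//upload", "/api/0.6/changeset/12/upload"].each do |path|
    status, message = validate_upload("POST", path, empty)
    puts "#{path} -> #{status} #{message}"
  end
end
```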
