Assess Deny of Service risk and potentially limit the buffer size #22
Comments
I looked into it and most matchers don't seem to be affected by the size of the input buffer. Some of them are a bit more sophisticated, like image (Lines 81 to 160 in f4635f8):
here at line 153 a malicious user could set a very big number (they would still be limited by a doc (Lines 69 to 175 in f4635f8)
Here it's doing a lot of stuff to try to recognize what type of document it is, but it still feels under control. The
Good catch for the image loop size 👍
Initially discussed in #21, stripping of data (such as white spaces) at the beginning of the input buffer can lead to a Denial of Service for inputs with a very large amount of data to be stripped before reaching the content to be actually sniffed.
Shall we:
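One way to bound the whitespace-stripping cost raised in this issue, as an added example that is not part of the original thread or the project's code: the sniffer only ever looks at a fixed-size window, so neither the strip loop nor memory use grows with the input. The cap value, the signature table and the function names are assumptions made for the illustration.

```python
import io

# Assumed cap: the WHATWG MIME Sniffing standard reads at most 1445 bytes
# of a resource header. The project in this thread may pick another value.
MAX_SNIFF_BYTES = 1445
# Bytes skipped before text signatures (tab, LF, FF, CR, space).
WHITESPACE = frozenset(b"\t\n\x0c\r ")

# Hypothetical signature table, matched case-insensitively after whitespace.
TEXT_SIGNATURES = [
    (b"<!doctype html", "text/html"),
    (b"<html", "text/html"),
    (b"<?xml", "text/xml"),
]


def read_header(stream, limit=MAX_SNIFF_BYTES):
    """Read at most `limit` bytes so memory use does not depend on input size."""
    return stream.read(limit)


def sniff(data, limit=MAX_SNIFF_BYTES):
    """Return (mime_or_None, bytes_examined); never looks past `limit` bytes."""
    window = memoryview(data)[:limit]  # slicing a memoryview does not copy
    pos = 0
    # The strip loop is bounded by the window, not by the attacker's input.
    while pos < len(window) and window[pos] in WHITESPACE:
        pos += 1
    examined = pos
    for magic, mime in TEXT_SIGNATURES:
        candidate = bytes(window[pos:pos + len(magic)])
        examined = max(examined, pos + len(candidate))
        if candidate.lower() == magic:
            return mime, examined
    return None, examined


# Constructed inputs: a lightly padded document and a 10 MB whitespace flood.
PADDED = b" \r\n\t" * 8 + b"<!DOCTYPE html><title>x</title>"
FLOOD = b" " * (10 * 1024 * 1024) + b"<html>"

if __name__ == "__main__":
    print(sniff(PADDED))   # signature found after 32 bytes of padding
    print(sniff(FLOOD))    # gives up at the cap instead of scanning 10 MB
    print(len(read_header(io.BytesIO(FLOOD))))
```

The trade-off is that content padded with more whitespace than the cap is reported as unknown rather than sniffed, so callers need a defined fallback type for that case.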