Use randomized HashMap for yamux stream IDs #441
driftluo
left a comment
I don't quite understand this. The purpose of using nohasher is to reduce the overhead of frequent hashing. If an attacker provides an existing ID, it will directly throw an error. Only non-existent IDs can start the stream. So what serious consequences could the attacker's wrong behavior lead to?
This is a hash flooding DoS issue: the StreamId is controlled by the remote peer, so an attacker can create excessive hash collisions and degrade hash-table operations from the expected O(1) to O(n).
Summary
Replace the yamux active stream map with the standard HashMap and remove the nohash-hasher dependency from tokio-yamux.

Remote peers control inbound yamux stream IDs through frame headers. Using nohash_hasher::IntMap for those keys removes randomized hashing and makes insertion/lookup behavior dependent on attacker-chosen integer values. Switching back to the default HashMap restores randomized hashing for externally controlled stream IDs.

Testing
cargo fmt
cargo test -p tokio-yamux
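The effect described in the summary, as an added example that is not part of the pull request or the project's code. `IdentityHasher` is a std-only stand-in for the pass-through hashing of `nohash_hasher::IntMap`, and the table is modelled as a fixed power-of-two bucket count (`BUCKETS`, an assumed value) indexed by the low bits of the hash; the stream IDs are constructed sample data.

```rust
use std::collections::hash_map::RandomState;
use std::collections::HashSet;
use std::hash::{BuildHasher, BuildHasherDefault, Hasher};

/// Pass-through hasher (assumption: models the nohash behaviour, where the
/// hash of an integer key is the key itself).
#[derive(Default)]
struct IdentityHasher(u64);

impl Hasher for IdentityHasher {
    fn finish(&self) -> u64 {
        self.0
    }
    // Fallback for non-integer input; u32 keys go through write_u32 below.
    fn write(&mut self, bytes: &[u8]) {
        for &b in bytes {
            self.0 = (self.0 << 8) | u64::from(b);
        }
    }
    fn write_u32(&mut self, n: u32) {
        self.0 = u64::from(n);
    }
}

/// Assumed table size for this model (power of two, so index = hash & (BUCKETS - 1)).
const BUCKETS: u64 = 1024;

/// Counts how many distinct buckets the given stream IDs occupy under `state`.
fn distinct_buckets<S: BuildHasher>(state: &S, ids: &[u32]) -> usize {
    ids.iter()
        .map(|id| state.hash_one(id) & (BUCKETS - 1))
        .collect::<HashSet<u64>>()
        .len()
}

/// Constructed sample: 512 peer-supplied stream IDs that differ only in the
/// bits above the bucket index.
fn sample_ids() -> Vec<u32> {
    (1..=512u32).map(|i| i * BUCKETS as u32).collect()
}

fn main() {
    let ids = sample_ids();
    let identity = BuildHasherDefault::<IdentityHasher>::default();
    println!("identity hasher: {} bucket(s)", distinct_buckets(&identity, &ids));
    println!("RandomState:     {} bucket(s)", distinct_buckets(&RandomState::new(), &ids));
}
```

With the pass-through hasher every ID lands in the same bucket, so each insert or lookup has to walk past the others; with the per-instance random keys of `RandomState` the peer cannot predict which IDs share a bucket.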