Difference between revisions of "Asymmetric resource consumption (amplification)"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
PLOVER - Asymmetric resource consumption (amplification)
+
{{Template:Attack}}
  
An attacker can force a victim to consume more resources than should be allowed for the attacker's level of access.
+
==Description==
  
{{Template:Stub}}
+
An attacker can force a victim to consume more resources than should be allowed for the attacker's level of access. The program can
 +
potentially fail to release or incorrectly release a system resource.
 +
A resource is not properly cleared and made available for re-use.
  
[[Category:Attack]]
+
==Examples ==
 +
 
 +
'''Example1'''
 +
 
 +
The following method never closes the file handle it opens. The Finalize() method for StreamReader eventually calls Close(), but there
 +
is no guarantee how long it is going to take before the Finalize() method is invoked. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, this can result in the VM using up all of its available file handles.
 +
<pre>
 +
private void processFile(string fName) {
 +
StreamWriter sw = new
 +
StreamWriter(fName);
 +
string line;
 +
while ((line = sr.ReadLine()) != null) processLine(line);
 +
}
 +
</pre>
 +
After using up all handles (file descriptors) VM may become very unstable, slow and what is the most immportant it may stop working
 +
deterministically comparing to its previous state.
 +
 
 +
 
 +
'''Example2'''
 +
 
 +
Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database runs out of available cursors and is not able to execute any more SQL queries.
 +
 
 +
C# Example:
 +
<pre>
 +
...
 +
SqlConnection conn = new SqlConnection(connString);
 +
SqlCommand cmd = new SqlCommand(queryString);
 +
cmd.Connection = conn; conn.Open();
 +
SqlDataReader rdr = cmd.ExecuteReader();
 +
HarvestResults(rdr);
 +
conn.Connection.Close();
 +
...
 +
</pre>
 +
The amount of the concurent connections to the databases is often lower than maximal amount of possible handles in the system to use.
 +
It makes easier to locate application bottlenecks and use them to stop the application or make it unstable.
 +
 
 +
 
 +
'''Example3'''
 +
 
 +
If application which can handle N concurent connections doesn't implement appropriate mechanism to disconnect clients e.g. TIMEOUTs,
 +
then it's very easy to disable it by establishing close to N connections. Additionally the connections should simulate work with
 +
application using its protocol untill exhaustion of the available resources.
 +
 
 +
 
 +
Reference:
 +
* http://cwe.mitre.org/data/definitions/404.html
 +
 
 +
==Related Threats==
 +
 
 +
* [[Denial_of_Service]]
 +
 
 +
==Related Attacks==
 +
 
 +
* [[Account_Lockout_Attack]]
 +
 
 +
==Related Vulnerabilities==
 +
 
 +
* [[Insufficient_Resource_Locking]]
 +
* [[Insufficient_Resource_Pool]]
 +
 
 +
==Related Countermeasures==
 +
 
 +
It is good practice to be responsible for freeing all resources you allocate.
 +
 
 +
Memory should be allocated/freed using matching functions such as
 +
malloc/free, new/delete, and new[]/delete[].
 +
 
 +
==Categories==
 +
 
 +
[[:Category:Resource_Depletion]]

Revision as of 15:17, 4 November 2007

This is an Attack. To view all attacks, please see the Attack Category page.


Description

An attacker can force a victim to consume more resources than should be allowed for the attacker's level of access. The program can potentially fail to release or incorrectly release a system resource. A resource is not properly cleared and made available for re-use.

Examples

Example1

The following method never closes the file handle it opens. The Finalize() method for StreamReader eventually calls Close(), but there is no guarantee how long it is going to take before the Finalize() method is invoked. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, this can result in the VM using up all of its available file handles.

private void processFile(string fName) {
 StreamWriter sw = new
 StreamWriter(fName);
 string line;
 while ((line = sr.ReadLine()) != null) processLine(line);
}

After using up all handles (file descriptors) VM may become very unstable, slow and what is the most immportant it may stop working deterministically comparing to its previous state.


Example2

Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database runs out of available cursors and is not able to execute any more SQL queries.

C# Example:

...
SqlConnection conn = new SqlConnection(connString);
SqlCommand cmd = new SqlCommand(queryString);
cmd.Connection = conn; conn.Open();
SqlDataReader rdr = cmd.ExecuteReader();
HarvestResults(rdr);
conn.Connection.Close();
...

The amount of the concurent connections to the databases is often lower than maximal amount of possible handles in the system to use. It makes easier to locate application bottlenecks and use them to stop the application or make it unstable.


Example3

If application which can handle N concurent connections doesn't implement appropriate mechanism to disconnect clients e.g. TIMEOUTs, then it's very easy to disable it by establishing close to N connections. Additionally the connections should simulate work with application using its protocol untill exhaustion of the available resources.


Reference:

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

It is good practice to be responsible for freeing all resources you allocate.

Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].

Categories

Category:Resource_Depletion