Potential DoS vulnerability via decompression bomb
DESCRIPTION
A maliciously crafted archive can expand to a very large amount of data on decompression; if the application copies the decompressed stream without an upper bound, it can exhaust memory or disk and cause a denial of service (DoS).
It is recommended to use io.CopyN instead of io.Copy or io.CopyBuffer so that the number of bytes copied from the decompression reader is bounded.
BAD PRACTICE:
package main

import (
	"compress/zlib"
	"io"
	"os"
)

// foo streams the entire decompressed payload to stdout with no upper bound,
// so a few kilobytes of crafted input can expand to gigabytes of output.
func foo(b io.Reader) {
	r, err := zlib.NewReader(b)
	if err != nil {
		panic(err)
	}
	_, err = io.Copy(os.Stdout, r)
	if err != nil {
		panic(err)
	}
	r.Close()
}
RECOMMENDED:
package main

import (
	"compress/zlib"
	"io"
	"os"
)

func foo(b io.Reader) {
	r, err := zlib.NewReader(b)
	if err != nil {
		panic(err)
	}
	// "n" (1024 here) may change depending on the application.
	// io.CopyN returns io.EOF when the stream ends before n bytes, which is
	// the normal case for a small input and must not be treated as a failure.
	_, err = io.CopyN(os.Stdout, r, 1024)
	if err != nil && err != io.EOF {
		panic(err)
	}
	r.Close()
}
REFERENCES CWE-409
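The snippet above bounds the copy but does not say whether the cap was actually hit. The following is an added example (not GitLab's or the scanner's code) showing a capped decompressor that distinguishes "stream ended early", "stream fits the cap exactly" and "stream is larger than the cap", exercised against a constructed zlib bomb; decompressCapped, makeBomb and ErrTooLarge are names chosen here.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge signals that the decompressed stream exceeded the cap.
var ErrTooLarge = errors.New("decompressed data exceeds limit")

// decompressCapped inflates src but never produces more than limit bytes.
// io.CopyN returns io.EOF when the stream ends before limit bytes (a small
// archive). Reaching the cap exactly is ambiguous, so one extra byte is probed.
func decompressCapped(src []byte, limit int64) ([]byte, error) {
	r, err := zlib.NewReader(bytes.NewReader(src))
	if err != nil {
		return nil, err
	}
	defer r.Close()
	var out bytes.Buffer
	if _, err := io.CopyN(&out, r, limit); err == io.EOF {
		return out.Bytes(), nil
	} else if err != nil {
		return nil, err
	}
	var probe [1]byte
	if m, err := r.Read(probe[:]); m > 0 {
		return nil, ErrTooLarge // more data behind the cap: a bomb or oversized input
	} else if err != io.EOF {
		return nil, err
	}
	return out.Bytes(), nil
}

// makeBomb builds a constructed zlib stream that inflates to size zero bytes
// (roughly 1000:1 compression, which is exactly what a bomb exploits).
func makeBomb(size int) []byte {
	var buf bytes.Buffer
	w := zlib.NewWriter(&buf)
	w.Write(make([]byte, size))
	w.Close()
	return buf.Bytes()
}

func main() {
	_, err := decompressCapped(makeBomb(10<<20), 1<<20) // 10 MiB behind a 1 MiB cap
	fmt.Println("bomb:", err)                            // bomb: decompressed data exceeds limit
}
```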
Potential DoS vulnerability via decompression bomb in: workhorse/cmd/gitlab-zip-cat/main.go
		fatalError(fmt.Errorf("write file size invalid"), err)
	}
	// flagged: unbounded copy from the archive entry reader to stdout
	if _, err := io.Copy(os.Stdout, reader); err != nil {
		fatalError(fmt.Errorf("write %q from %q to stdout", fileName, scrubbedArchivePath), err)
	}
}
Potential DoS vulnerability via decompression bomb in: workhorse/internal/lsif_transformer/parser/parser_test.go
		require.NoError(t, err)
		defer outputFile.Close()
		// flagged: unbounded copy from a zip entry to the output file
		_, err = io.Copy(outputFile, zippedFile)
		require.NoError(t, err)
	}
}
Potential DoS vulnerability via decompression bomb in: workhorse/internal/zipartifacts/open_archive_test.go
	r, err := zf.Open()
	require.NoError(t, err)
	// flagged: unbounded drain of a zip entry reader
	_, err = io.Copy(io.Discard, r)
	require.NoError(t, err)
	require.NoError(t, r.Close())