These guys exploit the worst-case runtime of a hashtable. Is it possible to avoid this case by checking for too many collisions on each insert?
On 29.12.2011 01:47, Jann Horn wrote:
> http://www.youtube.com/watch?v=R2Cq3CLI6H8
>
> Technical explanation 0m-19m or so, part about nodejs at 40m or so.
>
> Basically, because v8 uses weak hashes for objects, you can fill up
> one slot of the hashtable with many entries, e.g. using a POST
> containing a querystring with many keys with the same hash. Operating
> on those keys (inserting and reading) then becomes slow as hell which
> allows you to bring a nodejs server to 100% CPU usage for a long time
> (blocking the event loop completely) with one moderately large POST
> request. This is bad.
>
> Those guys say they told Google October 18th, they got through to the
> v8 guys in November, and they said they don't care sooo much about DoS
> attacks on v8 because they're mainly interested in browserside stuff.
>
> This is bad for us.
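
The per-insert collision check asked about above, sketched as an added example that is not part of the original thread and not v8 or nodejs code. It assumes a toy chained hash table; `weakHash`, `GuardedTable`, `loadKeys`, `collidingKeys` and the limit of 8 are hypothetical names and values, and the keys are constructed sample input.

```javascript
// Added example. weakHash is a constructed stand-in (31-multiplier string hash), not v8's.
function weakHash(key) {
  let h = 0;
  for (let i = 0; i < key.length; i++) h = (h * 31 + key.charCodeAt(i)) >>> 0;
  return h;
}

class GuardedTable {
  constructor(buckets, maxChain) {
    this.buckets = Array.from({ length: buckets }, () => []);
    this.maxChain = maxChain;
    this.probes = 0; // key comparisons performed, a proxy for CPU time
  }
  set(key, value) {
    const chain = this.buckets[weakHash(key) % this.buckets.length];
    for (const entry of chain) {
      this.probes++;
      if (entry[0] === key) { entry[1] = value; return true; }
    }
    // The check from the question: refuse to grow one chain past the limit.
    if (chain.length >= this.maxChain) return false;
    chain.push([key, value]);
    return true;
  }
}

// Insert all keys of one request; abort the request on the first refused insert.
function loadKeys(keys, maxChain) {
  const table = new GuardedTable(1024, maxChain);
  let accepted = 0;
  for (const k of keys) {
    if (!table.set(k, true)) return { accepted, rejected: true, probes: table.probes };
    accepted++;
  }
  return { accepted, rejected: false, probes: table.probes };
}

// Constructed input: "Aa" and "BB" hash equally under weakHash, so every
// equal-length sequence of those blocks lands in the same bucket.
function collidingKeys(n, blocks = 11) {
  return Array.from({ length: n }, (_, i) => {
    let k = "";
    for (let b = 0; b < blocks; b++) k += (i >> b) & 1 ? "BB" : "Aa";
    return k;
  });
}
const benign = Array.from({ length: 200 }, (_, i) => "field" + i);

console.log(loadKeys(collidingKeys(2048), Infinity)); // no limit: quadratic work
console.log(loadKeys(collidingKeys(2048), 8));        // limit 8: rejected early
console.log(loadKeys(benign, 8));                     // normal keys unaffected
```

The limit bounds the work one request can cause; it does not make the hash any stronger, so the threshold has to sit above the chain lengths that legitimate keys produce.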