16 lines
900 B
Plaintext
16 lines
900 B
Plaintext
==== Enforce an upper limit
|
|
|
|
When performing a memory allocation whose size depends on a user-controlled
|
|
parameter, it is of prime importance to enforce an upper limit to the size
|
|
being allocated. This will prevent any overly big memory slot from being
|
|
consumed by a single allocation.
|
|
|
|
Note that forcing an upper limit will not prevent Denial of Service attacks.
|
|
When an allocation size is restricted to a reasonable amount, attackers can
|
|
still request the allocating feature multiple times until the combined allocation
|
|
size becomes big enough to cause exhaustion. However, the smaller the allowed
|
|
allocation size, the higher the number of necessary requests and, thus, the
|
|
higher the required resources on the attacker side. As for most of the DoS
|
|
attack vectors, a trade-off must be found to prevent most attackers from causing
|
|
exhaustion while keeping a good level of performance and usability.
|