[opencms-dev] DOS attacks made possible by image scaling?

Paul-Inge Flakstad flakstad at npolar.no
Wed Jun 10 01:44:57 CEST 2009


Hi Mika

This was a very interesting post, raising questions on an issue I haven't even thought about. I'm really looking forward to hearing what the experts have to say about this.

Cheers,
Paul

________________________________
From: opencms-dev-bounces at opencms.org [mailto:opencms-dev-bounces at opencms.org] On Behalf Of Mika Salminen
Sent: 9 June 2009 21:42
To: opencms-dev at opencms.org
Subject: [opencms-dev] DOS attacks made possible by image scaling?

Hello,

OpenCms image scaling with request parameters (i.e. http://your.url/image.jpeg?__scale=w:50,h:50) is a nice feature and allows, for example, easy thumbnail generation. But I believe that it provides multiple possibilities for a malicious user to play around.

Basic attacks could possibly be done as easily as just requesting the image with many different parameters many times in a row.

For example:

http://your.url/image.jpeg?__scale=w:1,h:1
http://your.url/image.jpeg?__scale=w:1,h:2
http://your.url/image.jpeg?__scale=w:1,h:3
...
http://your.url/image.jpeg?__scale=w:1024,h:767

This would cause OpenCms to create and write to the cache a new version of the image (of course, if an image with the given parameters already exists in the cache, it is not recreated).

This kind of attack could cause performance problems for the server (I assume that the image processing is not very cheap), but it can also cause nasty things to happen in the cache. For example, if there is a published 1024x768 JPEG image on an OpenCms website, a malicious user can request all the 1024*768=786432 size variations of the image, thus writing ~14GB of data to disk (Assumptions: 1 byte/pixel, average JPEG compression ratio 1:10. You can check my calculations in the attached Java code). And of course, if there is more than one image on the site, the attack can be done for them too (other resize parameters could work too, haven't checked...).

The point is that creating large amounts of data in the cache is easily possible for malicious users. Filling the disk can in many cases bring down the whole server.

At least a partial resolution for this problem could be limiting the image cache size and making it, for example, LRU style (I could not find that limiting is done already). This does not, of course, prevent a possible performance DoS attack, and the cache could also be rendered useless by the attacker.

Other options I could think of seem more complicated and would probably require the available image sizes to be known before render time.

So tell me what you think about all this. Am I correct, or am I missing something?

-Mika
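As an added example (not from this thread and not OpenCms code), the disk estimate from Mika's post carried through in code, next to two defender-side checks his mitigation options point at: an allow-list of scale sizes known before render time, and a detection over access-log lines for a client enumerating many `__scale` variants of one image. The function names, the allow-list, the log format and the log lines (with their IPs) are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Hypothetical allow-list: the only scale variants this site's templates use.
ALLOWED_SIZES = {(50, 50), (200, 150), (640, 480)}
SCALE_RE = re.compile(r"w:(\d+),h:(\d+)")
LOG_RE = re.compile(r'^(\S+) .*"GET (\S+) HTTP')

# Constructed access-log lines (not real traffic): one client walks h:1..4.
CONSTRUCTED_LOG = """\
10.0.0.5 - - [10/Jun/2009:01:00:01 +0200] "GET /image.jpeg?__scale=w:1,h:1 HTTP/1.1" 200 412
10.0.0.5 - - [10/Jun/2009:01:00:01 +0200] "GET /image.jpeg?__scale=w:1,h:2 HTTP/1.1" 200 418
10.0.0.5 - - [10/Jun/2009:01:00:02 +0200] "GET /image.jpeg?__scale=w:1,h:3 HTTP/1.1" 200 425
10.0.0.5 - - [10/Jun/2009:01:00:02 +0200] "GET /image.jpeg?__scale=w:1,h:4 HTTP/1.1" 200 430
10.0.0.9 - - [10/Jun/2009:01:00:03 +0200] "GET /image.jpeg?__scale=w:50,h:50 HTTP/1.1" 200 2210
10.0.0.9 - - [10/Jun/2009:01:00:09 +0200] "GET /image.jpeg?__scale=w:50,h:50 HTTP/1.1" 200 2210
"""

def parse_scale(url):
    """Return (w, h) from a __scale=w:W,h:H query string, or None if absent/malformed."""
    values = parse_qs(urlsplit(url).query).get("__scale")
    if not values:
        return None
    m = SCALE_RE.search(values[0])
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_allowed(url):
    """Mitigation: only render a variant whose size is on the allow-list."""
    size = parse_scale(url)
    return size is not None and size in ALLOWED_SIZES

def cache_bytes_estimate(width, height, bytes_per_pixel=1, jpeg_ratio=10):
    """Mika's worst case: every w x h variant up to width x height, summed (bytes)."""
    return (width * (width + 1) // 2) * (height * (height + 1) // 2) * bytes_per_pixel // jpeg_ratio

def enumeration_suspects(log_text, threshold=3):
    """Detection: (client, image) pairs that requested more than `threshold` distinct sizes."""
    variants = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, url = m.groups()
        size = parse_scale(url)
        if size is not None:
            variants[(ip, urlsplit(url).path)].add(size)
    return {key: len(sizes) for key, sizes in variants.items() if len(sizes) > threshold}
```

For a 1024x768 source, `cache_bytes_estimate(1024, 768)` gives 15497134080 bytes, about 14.4 GiB, which matches the ~14GB figure in the post.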

