From 1590920c910c030369fbf871b63f6836b988e90a Mon Sep 17 00:00:00 2001 From: Anders Svensson Date: Thu, 12 Feb 2015 11:41:59 +0100 Subject: Add service_opt() string_decode To control whether stringish Diameter types are decoded to string or left as binary. The motivation is the same as in the parent commit: to avoid large strings being copied when incoming Diameter messages are passed between processes; or *if* in the case of messages destined for handle_request and handle_answer callbacks, since these are decoded in the dedicated processes that the callbacks take place in. It would be possible to do something about other messages without requiring an option, but disabling the decode is the most effective. The value is a boolean(), true being the default for backwards compatibility. Setting false causes both diameter_caps records and decoded messages to contain binary() in relevant places that previously had string(): diameter_app(3) callbacks need to be prepared for the change. The Diameter types affected are OctetString and the derived types that can contain arbitrarily large values: OctetString, UTF8String, DiameterIdentity, DiameterURI, IPFilterRule, and QoSFilterRule. Time and Address are unaffected. The DiameterURI decode has been redone using re(3), which both simplifies and does away with a vulnerability resulting from the conversion of arbitrary strings to atom. The solution continues the use and abuse of the process dictionary for encode/decode purposes, last seen in commit 0f9cdba. --- lib/diameter/doc/src/diameter.xml | 24 ++++++++++++++++++++++++ lib/diameter/doc/src/diameter_dict.xml | 9 +++++++-- lib/diameter/doc/src/seealso.ent | 5 +++++ 3 files changed, 36 insertions(+), 2 deletions(-) (limited to 'lib/diameter/doc') diff --git a/lib/diameter/doc/src/diameter.xml b/lib/diameter/doc/src/diameter.xml index a5a99f7835..cb397614e5 100644 --- a/lib/diameter/doc/src/diameter.xml +++ b/lib/diameter/doc/src/diameter.xml @@ -899,6 +899,30 @@ Options monitor and link are ignored.

Defaults to the empty list.

+ +{string_decode, boolean()} + +

+Whether or not to decode AVPs of type &dict_OctetString; and its +derived types &dict_DiameterIdentity;, &dict_DiameterURI;, +&dict_IPFilterRule;, &dict_QoSFilterRule;, and &dict_UTF8String;. +If true then AVPs of these types are decoded to string(). +If false then values are retained as binary().

+ +

+Defaults to true.

+ + +

+This option should be set to false +since a sufficiently malicious peer can otherwise cause large amounts +of memory to be consumed when decoded Diameter messages are passed +between processes. +The default value is for backwards compatibility.

+
+ +
+ {use_shared_peers, boolean() | [node()] | evaluable()}

diff --git a/lib/diameter/doc/src/diameter_dict.xml b/lib/diameter/doc/src/diameter_dict.xml index 810a146b88..9db9bcffde 100644 --- a/lib/diameter/doc/src/diameter_dict.xml +++ b/lib/diameter/doc/src/diameter_dict.xml @@ -528,6 +528,11 @@ in a request record when sending a request, returned in a resulting answer record and passed to a &app_handle_request; callback upon reception of an incoming request.

+

+In cases in which there is a choice between list() and binary() types +for OctetString() and derived types, the representation is determined +by the value of &mod_string_decode;.

+

Basic AVP Data Formats

@@ -541,7 +546,7 @@ callback upon reception of an incoming request.

-OctetString() = [0..255]
+OctetString() = string() | binary()
 Integer32()   = -2147483647..2147483647
 Integer64()   = -9223372036854775807..9223372036854775807
 Unsigned32()  = 0..4294967295
@@ -603,7 +608,7 @@ and {{2104,2,26},{9,42,23}} (both inclusive) can be encoded.

-UTF8String() = [integer()]
+UTF8String() = [integer()] | binary()
 

diff --git a/lib/diameter/doc/src/seealso.ent b/lib/diameter/doc/src/seealso.ent index 44541afb9b..b0e3a2c712 100644 --- a/lib/diameter/doc/src/seealso.ent +++ b/lib/diameter/doc/src/seealso.ent @@ -69,6 +69,8 @@ significant. connect_timer'> watchdog_timer'> +diameter:service_opt() string_decode'> + handle_answer/4'> @@ -102,6 +104,9 @@ significant. Address()'> DiameterIdentity()'> +DiameterURI()'> +IPFilterRule()'> +QoSFilterRule()'> Grouped()'> OctetString()'> Time()'> -- cgit v1.2.3