lua-l archive

On Wed, Jan 04, 2012 at 04:16:00PM -0800, Sam Roberts wrote:
> OK, so quoting the report:
> 
>    ruby could be caused to take 6 hours of i7 CPU time to parse a 2 MB post request
> 
> That seems ripe for exploit.
> 
> Whereas I rearranged your code to run standalone, and what I'm seeing
> for 8MB of input to lua is it goes from about 2 seconds with random
> data to about 44 seconds with crafted data. And I have an i3 CPU, not
> i7, for what it's worth.
> 
> That's not blowing me away.
> 

Try this patch. Let me know when it finishes ;)

--- TestHeader.lua.old	Wed Jan  4 17:15:34 2012
+++ TestHeader.lua	Wed Jan  4 17:15:56 2012
@@ -14,7 +14,7 @@
     local function Random()
         local aBuffer = {}
 
-        for anIndex = 1, 32 do
+        for anIndex = 1, 34 do
             aBuffer[ anIndex ] = string.char( math.random( 59, 126 ) )
         end
 
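Review bot: the new loop bound 34 in Random() is a bare literal that looks meant to match the length of the strings NotSoRandom() builds in the next hunk (a 28-character run plus the single-character format slots), yet nothing in the code ties the two together. Define the key length once as a local and use it in both functions, or add a comment saying why 34 replaces 32, so the random and crafted inputs stay the same length when one of them is changed later.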
@@ -22,9 +22,11 @@
     end
 
     local function NotSoRandom()
-        local aChar = string.char( math.random( 59, 126 ) )
+        local aChar = 'a'
 
-        return ( '%s%s%s%s%s' ):format( ( aChar ):rep( 28 ),
+        return ( '%s%s%s%s%s%s%s' ):format( ( aChar ):rep( 28 ),
+        string.char( math.random( 59, 126 ) ),
+        aChar,
         string.char( math.random( 59, 126 ) ),
         aChar,
         string.char( math.random( 59, 126 ) ),
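Review bot: in NotSoRandom(), aChar becomes the constant 'a' and the format string grows from five to seven %s slots, but there is no comment explaining why the varying characters sit at alternating positions after the 28-character run, which is what makes this the crafted case. Add a one-line comment stating the intended key layout and total length, and consider building the string with a small loop or table.concat so the slot count and the argument count cannot drift apart. The visible lines end after the sixth of the seven arguments, so the last argument cannot be checked against the format string here.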