benmmurphy

Erlang hash-dos review.

TLDR. It's easy to generate collisions for phash and phash2 when hashing binaries. Erlang dict uses phash so if its possible to generate quadratic slow down by triggering collisions. ETS uses phash2 so its possible to generate quadratic slow down by triggering collisions in ETS. The good news is that even though erlang maps uses phash2 and its possible to generate collisions it does not seem easy to trigger a quadratic slow down because the hash array mapped trie implementation rehashes the input with a different prefix when it can't find a unique position in the trie and it looks like it is difficult to generate inputs that collide over multiple different prefixes.

This review is going to focus on taking the hash of binaries because this is the most likely user controllable input to the hash functions.

erlang.phash/2

benmmurphy

synchronous_commit = off

[serial]

tps = 2555.469688 (excluding connections establishing)
tps = 2627.757181 (excluding connections establishing)
tps = 2727.293028 (excluding connections establishing)
tps = 2511.608749 (excluding connections establishing)
tps = 2440.086908 (excluding connections establishing)
tps = 2534.304940 (excluding connections establishing)

benmmurphy

-module(collect_acks_bench).

-export([bench_fifo/0, bench_lifo/0, bench_multiple/1]).

precondition_failed(S, _W) ->
  throw(S).

%% NB: returns acks in youngest-first order
collect_acks(Q, 0, true) ->
    {lists:reverse(queue:to_list(Q)), queue:new()};

benmmurphy

# frozen_string_literal: true

begin
  require "bundler/inline"
rescue LoadError => e
  $stderr.puts "Bundler version 1.10 or later is required. Please update your Bundler"
  raise e
end

gemfile(true) do

benmmurphy

tcpdump on client
nc server 21

16:18:59.306666 IP CLIENT.59382 > SERVER.ftp: Flags [S], seq 1992877459, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 364841380 ecr 0,sackOK,eol], length 0
16:18:59.310634 IP SERVER.ftp > CLIENT.59382: Flags [S.], seq 2239629857, ack 1992877460, win 32768, options [mss 1460,nop,wscale 3,nop,nop,TS val 1 ecr 364841380,sackOK,nop,nop], length 0
16:18:59.310693 IP CLIENT.59382 > SERVER.ftp: Flags [.], ack 1, win 4117, options [nop,nop,TS val 364841384 ecr 1], length 0
16:18:59.412387 IP SERVER.ftp > CLIENT.59382: Flags [F.], seq 1, ack 1, win 4197, options [nop,nop,TS val 2 ecr 364841384], length 0
16:18:59.412465 IP CLIENT.59382 > SERVER.ftp: Flags [.], ack 2, win 4117, options [nop,nop,TS val 364841485 ecr 2], length 0
16:18:59.412601 IP CLIENT.59382 > SERVER.ftp: Flags [R.], seq 1, ack 2, win 4117, length 0

benmmurphy

var Promise = require('promise');
var weak = require('weak');

var makeCancelable = (promise) => {
  let hasCanceled_ = false;

  const wrappedPromise = new Promise((resolve, reject) => {
    promise.then((val) =>
      hasCanceled_ ? reject({isCanceled: true}) : resolve(val)
    );

benmmurphy

DumpMS = fun() ->
     FindMs = fun(Socket) ->
          Pid = element(3, Socket),
          Connection = sys:get_state(Pid),
          State = element(2, Connection),
          Session = element(18, State),
          SessionId = element(2, Session),
          MasterSecret = element(7, Session),
          {SessionId, MasterSecret}
     end,

benmmurphy

echo $'HTTP/1.1 301 Redirect\r\nLocation: https://www.youtube.com/watch?v=dQw4w9WgXcQ\r\n\r\n' | nc -l -p 3000 127.0.0.1 & open http://localhost:3000

benmmurphy

local fail = function(msg)

  print("[-] " .. msg)
  error(msg)
end

local addbyte = function(b8, byte)
  local carry = byte
  local result = ''
  for i=1, string.len(b8) do

benmmurphy

postgres=# select NULL + 4;
 ?column?
----------

(1 row)

postgres=# select SUM(foo) from (select NULL::integer as foo UNION all select 1) x;
 sum
-----
   1