js-ipfs-bitswap: DOS unbounded persistent memory leak #635
Description
Summary
There is no limit on the size of the wantlist here. An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANT_BLOCK and or WANT_HAVE requests which are queued in an unbounded queue. This could lead to a memory leak.
Desceiption
In the messageReceived function in this file, there is no limit on the size of the wantlist, and malicious want requests could lead to memory leaks. There is a similar vulnerability, and the fix could be similar to this. .the js-ipfs-bitswap does not have similar fix logic.
` async messageReceived (peerId: PeerId, msg: Message): Promise {
const ledger = this._findOrCreate(peerId)
if (msg.empty) {
return
}
// If the message has a full wantlist, clear the current wantlist
if (msg.full) {
ledger.wantlist = new Wantlist()
}
// Record the amount of block data received
this._updateBlockAccounting(msg.blocks, ledger)
if (msg.wantlist.size === 0) {
this._scheduleProcessTasks()
return
}
// Clear cancelled wants and add new wants to the ledger
const cancels: CID[] = []
const wants: BitswapMessageEntry[] = []
msg.wantlist.forEach((entry) => {
if (entry.cancel) {
ledger.cancelWant(entry.cid)
cancels.push(entry.cid)
} else {
ledger.wants(entry.cid, entry.priority, entry.wantType)
wants.push(entry)
}
})
this._cancelWants(peerId, cancels)
await this._addWants(peerId, wants)
this._scheduleProcessTasks()
} `