Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nyankiyoshi/poc-cpython-gh-106283
https://github.com/python/cpython/issues/106283
https://github.com/nyankiyoshi/poc-cpython-gh-106283
Last synced: 21 days ago
JSON representation
https://github.com/python/cpython/issues/106283
- Host: GitHub
- URL: https://github.com/nyankiyoshi/poc-cpython-gh-106283
- Owner: NyanKiyoshi
- Created: 2023-06-30T14:29:34.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2023-06-30T14:38:19.000Z (over 1 year ago)
- Last Synced: 2024-06-21T00:03:04.890Z (6 months ago)
- Language: Go
- Homepage:
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# PoC CPython GH-106283
This repository contains a basic demonstration of a denial of service vulnerability
of `socket.create_connection()` against untrusted user-inputs of domain names.[docker-compose.yaml](docker-compose.yaml) deploys a pre-configured DNS server (bind9)
with a `*.test` zone returning 256 IP addresses under the `A` record.[poc.py](poc.py) invokes `socket.create_connection(("poc.test", 80), timeout=1)`
(default arguments) which simulates what would happen if a malicious user
would trick/ask a Python application to connect to a domain name returning
lots of IP addresses that always timeout when connecting to them.### Usage
```
$ docker-compose up --build
$ docker-compose exec poc poc.py --domain poc.test --timeout 1
```### Output
```
$ docker-compose exec poc poc.py --domain poc.test --timeout 1
2023-06-22 16:05:16,550 DEBUG: socket.connect: ('10.0.2.200', 80)
2023-06-22 16:05:17,553 DEBUG: socket.connect: ('10.0.2.84', 80)
[...]
2023-06-22 16:09:32,042 DEBUG: socket.connect: ('10.0.2.137', 80)
2023-06-22 16:09:33,043 ERROR: Socket timeout error!
2023-06-22 16:09:33,044 INFO: Took: 256 seconds
```## Example non-vulnerable implementation
[example-golang.go](example-golang.go) shows the behavior of Golang versus
the Python's current, which acts an example on how the fix could be implemented
and would behave (RFC 8305).```
$ docker-compose up --build
$ docker-compose exec go-example go-example --domain poc.test --timeout 10s
``````
$ docker-compose exec go-example go-example --domain poc.test --timeout 10s
17:20:26.445149 Found 256 IPs to try out
17:20:26.445282 Attempting to connect to 10.0.2.21:80...
17:20:28.446960 Attempting to connect to 10.0.2.25:80...
17:20:30.449034 Attempting to connect to 10.0.2.67:80...
17:20:32.450936 Attempting to connect to 10.0.2.141:80...
17:20:34.452858 Attempting to connect to 10.0.2.13:80...
17:20:36.443316 Failed to get URL (in 10.004180651s): dial tcp 10.0.2.230:80: i/o timeout
```