Eight DoS vulnerabilities found in various implementations of the HTTP/2 protocol

Researchers from Netflix and Google have disclosed eight vulnerabilities in various implementations of the HTTP/2 protocol that can cause a denial of service by sending a stream of network requests in a particular way. The problems affect most HTTP servers with HTTP/2 support to some degree and cause the worker process to run out of memory or generate heavy CPU load. Updates that fix the vulnerabilities have already been released for nginx 1.16.1/1.17.3 and H2O 2.2.6, but none are available yet for Apache httpd and other products.

The problems stem from complications introduced in the HTTP/2 protocol related to the use of binary structures, the system for limiting data flows within a connection, the stream prioritization mechanism, and the presence of ICMP-like control messages operating at the HTTP/2 connection level (for example, ping, reset, and flow settings). Many implementations did not adequately limit the flow of control messages, did not manage the priority queue effectively when processing requests, or used inefficient implementations of the flow-control algorithms.

Most of the identified attack methods come down to sending certain requests to the server that cause it to generate a large number of responses. If the client does not read the data from the socket and does not close the connection, the response buffering queue on the server side keeps filling up. This behaviour puts load on the queue-management system that handles network connections and, depending on the implementation, leads to exhaustion of the available memory or CPU resources.

Identified vulnerabilities:

  • CVE-2019-9511 (Data Dribble) - the attacker requests a large amount of data across many streams by manipulating the sliding-window size and stream priority, forcing the server to queue the data in 1-byte blocks;
  • CVE-2019-9512 (Ping Flood) - the attacker continuously sends ping messages over the HTTP/2 connection, causing the internal queue of replies waiting to be sent to overflow on the other side;
  • CVE-2019-9513 (Resource Loop) - the attacker creates many request streams and continuously changes stream priority, causing the priority tree to churn;
  • CVE-2019-9514 (Reset Flood) - the attacker creates many streams and sends an invalid request through each of them, causing the server to send RST_STREAM frames, but does not accept them, so that the response queue fills up;
  • CVE-2019-9515 (Settings Flood) - the attacker sends a stream of empty "SETTINGS" frames, each of which the server must acknowledge in response;
  • CVE-2019-9516 (0-Length Headers Leak) - the attacker sends a stream of headers with an empty name and an empty value, and the server allocates a buffer in memory for each header and does not release it until the session ends;
  • CVE-2019-9517 (Internal Data Buffering) - the attacker opens the HTTP/2 sliding window so that the server can send data without restriction, but closes the TCP window, preventing the data from actually being written to the socket. The attacker then sends requests that require a large response;
  • CVE-2019-9518 (Empty Frames Flood) - the attacker sends a stream of DATA, HEADERS, CONTINUATION, or PUSH_PROMISE frames with an empty payload and no end flag. The server spends time processing each frame, out of proportion to the bandwidth the attacker consumes.
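The mechanism described above (unbounded control and empty frames costing the server far more than they cost the sender) is what the fixed servers address with per-connection limits. The following is an added illustration, not code from the article, nginx or H2O: a minimal HTTP/2 frame parser following the RFC 7540 frame layout, plus a per-connection budget that flags a flood of control frames (PING, SETTINGS, RST_STREAM, PRIORITY, WINDOW_UPDATE) or of zero-length data/header frames without an end flag, the patterns behind CVE-2019-9512, -9513, -9514, -9515 and -9518. The thresholds, function names and the sample byte streams are assumptions constructed for the example.

```python
"""Per-connection budgeting of HTTP/2 control and empty frames (illustration).

Frame layout per RFC 7540 section 4.1: 24-bit length, 8-bit type, 8-bit flags,
1 reserved bit + 31-bit stream id, then the payload. Thresholds are hypothetical.
"""
import struct
from dataclasses import dataclass
from typing import Iterator, Optional

FRAME_TYPES = {0: "DATA", 1: "HEADERS", 2: "PRIORITY", 3: "RST_STREAM",
               4: "SETTINGS", 5: "PUSH_PROMISE", 6: "PING", 7: "GOAWAY",
               8: "WINDOW_UPDATE", 9: "CONTINUATION"}
# Frames that carry no request data but still cost the server work or a reply.
CONTROL_TYPES = {"PRIORITY", "RST_STREAM", "SETTINGS", "PING", "WINDOW_UPDATE"}
# Frames whose empty payload is only useful when they also terminate something.
PAYLOAD_TYPES = {"DATA", "HEADERS", "CONTINUATION", "PUSH_PROMISE"}
END_STREAM, END_HEADERS = 0x1, 0x4


@dataclass
class Frame:
    length: int
    type_name: str
    flags: int
    stream_id: int
    payload: bytes


def encode_frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """Serialise one frame; used here only to build constructed sample input."""
    header = struct.pack("!I", len(payload))[1:] + bytes([ftype, flags])
    return header + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def parse_frames(buf: bytes) -> Iterator[Frame]:
    """Yield frames from a byte string; reject truncated headers or payloads."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 9:
            raise ValueError("truncated frame header")
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = struct.unpack("!I", buf[off + 5:off + 9])[0] & 0x7FFFFFFF
        off += 9
        if len(buf) - off < length:
            raise ValueError("truncated frame payload")
        yield Frame(length, FRAME_TYPES.get(ftype, f"UNKNOWN_{ftype}"),
                    flags, stream_id, buf[off:off + length])
        off += length


@dataclass
class ConnectionBudget:
    max_control_frames: int = 100  # hypothetical per-connection limit
    max_empty_frames: int = 20     # hypothetical per-connection limit
    control_seen: int = 0
    empty_seen: int = 0

    def observe(self, frame: Frame) -> Optional[str]:
        """Account for one frame; return a reason to drop the connection, or None."""
        if frame.type_name in CONTROL_TYPES:
            self.control_seen += 1
            if self.control_seen > self.max_control_frames:
                return f"control-frame flood: {self.control_seen} control frames"
        elif (frame.type_name in PAYLOAD_TYPES and frame.length == 0
              and not frame.flags & (END_STREAM | END_HEADERS)):
            self.empty_seen += 1
            if self.empty_seen > self.max_empty_frames:
                return f"empty-frame flood: {self.empty_seen} zero-length {frame.type_name} frames"
        return None


def audit_connection(buf: bytes, budget: Optional[ConnectionBudget] = None) -> Optional[str]:
    """Return the first reason to drop the connection, or None if it stays within budget."""
    budget = budget or ConnectionBudget()
    for frame in parse_frames(buf):
        reason = budget.observe(frame)
        if reason:
            return reason
    return None


# Constructed sample connections (not real captures).
def normal_exchange() -> bytes:
    # SETTINGS, one complete HEADERS frame, one PING: a benign start of session.
    return (encode_frame(4, 0, 0)
            + encode_frame(1, END_HEADERS | END_STREAM, 1, b"\x82\x84")
            + encode_frame(6, 0, 0, b"\x00" * 8))


def ping_heavy() -> bytes:
    # SETTINGS followed by 150 PING frames: exceeds the control-frame budget.
    return encode_frame(4, 0, 0) + b"".join(encode_frame(6, 0, 0, b"\x00" * 8) for _ in range(150))


def empty_data_heavy() -> bytes:
    # One HEADERS frame, then 50 zero-length DATA frames without END_STREAM.
    return encode_frame(1, END_HEADERS, 1, b"\x82") + b"".join(encode_frame(0, 0, 1) for _ in range(50))


if __name__ == "__main__":
    for name, sample in (("normal", normal_exchange()), ("ping", ping_heavy()), ("empty", empty_data_heavy())):
        print(name, "->", audit_connection(sample))
```

A real server would keep such counters per connection and reset or decay them over time rather than over the connection's whole lifetime; the point here is that the budget is charged per frame, independent of payload size, so cheap-to-send frames cannot buy unbounded server work.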

source: budenet.ru
