ext/lists: add max size check to genRange() to prevent OOM#1310
ext/lists: add max size check to genRange() to prevent OOM#1310marwan9696 wants to merge 3 commits into
Conversation
lists.range(N) allocates N elements with no upper bound. A large value like 2147483647 allocates ~16 GB and crashes the process. This is dangerous in Kubernetes ValidatingAdmissionPolicy where user-controlled input feeds into CEL expressions. Add maxRangeSize (10M) check and reject negative values.
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
CLA signed. Please re-check. |
|
/gcbrun |
| } | ||
|
|
||
| // maxRangeSize is the maximum number of elements lists.range() will allocate. | ||
| const maxRangeSize = 10_000_000 |
There was a problem hiding this comment.
Could you make this a functional option for the Lists library instead?
Move the hardcoded maxRangeSize constant into a ListsMaxRangeSize functional option on the Lists library, following the same pattern as ListsVersion. Default remains 10,000,000. Setting to zero disables the limit.
|
Done — moved it to a |
| } | ||
|
|
||
| // Over the limit should fail, not allocate. | ||
| _, err = genRange(defaultMaxRangeSize+1, defaultMaxRangeSize) |
There was a problem hiding this comment.
Would you mind testing both the default range and a smaller range?
| return cel.Lib(l) | ||
| } | ||
|
|
||
| const defaultMaxRangeSize = 10_000_000 |
There was a problem hiding this comment.
We can make this 1M. Seems reasonably high that no one should ever hit it on accident.
|
/gcbrun |
lists.range(N) allocates N elements with no upper bound. A large
value like 2147483647 allocates ~16 GB and crashes the process.
This is dangerous in Kubernetes ValidatingAdmissionPolicy where
user-controlled input feeds into CEL expressions.
Add maxRangeSize (10M) check and reject negative values.
Fixes #1309