sdgoij/rustfs
1
0
Fork 0
mirror of https://github.com/rustfs/rustfs.git synced 2026-01-16 17:20:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

build(deps): bump s3s from 0.12.0-rc.4 to 0.12.0-rc.5 in the s3s group (#1046)

Browse Source 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: loverustfs <hello@rustfs.com>
Co-authored-by: houseme <housemecn@gmail.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>
This commit is contained in:
dependabot[bot]
2025-12-11 15:20:36 +08:00
committed by GitHub
parent fba201df3d
commit 0da943a6a4
26 changed files with 445 additions and 317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docs/security/dos-prevention-body-limits.md Normal file
View File

@@ -0,0 +1,42 @@
# DoS Prevention: Request/Response Body Size Limits
## Executive Summary
This document describes the implementation of request and response body size limits in RustFS to prevent Denial of Service (DoS) attacks through unbounded memory allocation. The previous use of `usize::MAX` with `store_all_limited()` posed a critical security risk allowing attackers to exhaust server memory.
## Security Risk Assessment
### Vulnerability: Unbounded Memory Allocation
**Severity**: High
**Impact**: Server memory exhaustion, service unavailability
**Likelihood**: High (easily exploitable)
**Previous Code** (vulnerable):
```rust
let body = input.store_all_limited(usize::MAX).await?;
```
On a 64-bit system, `usize::MAX` is approximately 18 exabytes, effectively unlimited.
## Implemented Limits
| Limit | Size | Use Cases |
|-------|------|-----------|
| `MAX_ADMIN_REQUEST_BODY_SIZE` | 1 MB | User management, policies, tier/KMS/event configs |
| `MAX_IAM_IMPORT_SIZE` | 10 MB | IAM import/export (ZIP archives) |
| `MAX_BUCKET_METADATA_IMPORT_SIZE` | 100 MB | Bucket metadata import |
| `MAX_HEAL_REQUEST_SIZE` | 1 MB | Healing operations |
| `MAX_S3_RESPONSE_SIZE` | 10 MB | S3 client responses from remote services |
## Rationale
- AWS IAM policy limit: 6KB-10KB
- Typical payloads: < 100KB
- 1MB-100MB limits provide generous headroom while preventing DoS
- Based on real-world usage analysis and industry standards
## Files Modified
- 22 files updated across admin handlers and S3 client modules
- 2 new files: `rustfs/src/admin/constants.rs`, `crates/ecstore/src/client/body_limits.rs`