Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(9542)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 5268043: code review 5268043: http: DoS protection: cap non-Handler Request.Body reads (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
12 years, 7 months ago by bradfitz
Modified:
12 years, 6 months ago
Reviewers:
CC:
golang-dev, dsymonds
Visibility:
Public.

Description

http: DoS protection: cap non-Handler Request.Body reads Previously, if an http.Handler didn't fully consume a Request.Body before returning and the request and the response from the handler indicated no reason to close the connection, the server would read an unbounded amount of the request's unread body to advance past the request message to find the next request's header. That was a potential DoS. With this CL there's a threshold under which we read (currently 256KB) in order to keep the connection in keep-alive mode, but once we hit that, we instead switch into a "Connection: close" response and don't read the request body. Fixes issue 2093 (along with number of earlier CLs)

Patch Set 1 #

Patch Set 2 : diff -r 94bf75f51cbe https://go.googlecode.com/hg/ #

Patch Set 3 : diff -r 94bf75f51cbe https://go.googlecode.com/hg/ #

Patch Set 4 : diff -r 94bf75f51cbe https://go.googlecode.com/hg/ #

Total comments: 4

Patch Set 5 : diff -r 5b1ad5da9383 https://go.googlecode.com/hg/ #

Unified diffs Side-by-side diffs Delta from patch set Stats (+111 lines, -54 lines) Patch
M src/pkg/http/serve_test.go View 1 2 chunks +41 lines, -4 lines 0 comments Download
M src/pkg/http/server.go View 1 2 3 4 7 chunks +70 lines, -50 lines 0 comments Download

Messages

Total messages: 4
bradfitz
Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://go.googlecode.com/hg/
12 years, 7 months ago (2011-10-14 22:42:18 UTC) #1
dsymonds
LGTM Looks reasonable to me. http://codereview.appspot.com/5268043/diff/3003/src/pkg/http/server.go File src/pkg/http/server.go (right): http://codereview.appspot.com/5268043/diff/3003/src/pkg/http/server.go#newcode151 src/pkg/http/server.go:151: func (r *response) ReadFrom(src ...
12 years, 6 months ago (2011-10-15 00:11:07 UTC) #2
bradfitz
http://codereview.appspot.com/5268043/diff/3003/src/pkg/http/server.go File src/pkg/http/server.go (right): http://codereview.appspot.com/5268043/diff/3003/src/pkg/http/server.go#newcode151 src/pkg/http/server.go:151: func (r *response) ReadFrom(src io.Reader) (n int64, err os.Error) ...
12 years, 6 months ago (2011-10-15 00:16:36 UTC) #3
bradfitz
12 years, 6 months ago (2011-10-15 00:33:46 UTC) #4 
*** Submitted as http://code.google.com/p/go/source/detail?r=e67bd0e3dbd4 ***

http: DoS protection: cap non-Handler Request.Body reads

Previously, if an http.Handler didn't fully consume a
Request.Body before returning and the request and the response
from the handler indicated no reason to close the connection,
the server would read an unbounded amount of the request's
unread body to advance past the request message to find the
next request's header. That was a potential DoS.

With this CL there's a threshold under which we read
(currently 256KB) in order to keep the connection in
keep-alive mode, but once we hit that, we instead
switch into a "Connection: close" response and don't
read the request body.

Fixes issue 2093 (along with number of earlier CLs)

R=golang-dev, dsymonds
CC=golang-dev
http://codereview.appspot.com/5268043
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b