net/http: potential DOS: request context not cancelled if a client sends one byte after ServeHTTP starts #37145
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
ran the following code:
package main
and then ran the following command:
What did you expect to see?
The request context should have been cancelled as per documentation:
and thus i expected to see the following output:
What did you see instead?
The context did not cancel and the goroutine that serves the
http.Handler
never returns.http.Server
s thatselect
directly onand not
(or something like that) could be vulnerable to denial of service attacks.
The text was updated successfully, but these errors were encountered: