net/http: ErrContentLength not returned for too-long HTTP/2 body writes #56019

Open
neild opened this issue Oct 4, 2022 · 4 comments
neild commented Oct 4, 2022

```go
// ErrContentLength is returned by ResponseWriter.Write calls
// when a Handler set a Content-Length response header with a
// declared size and then attempted to write more bytes than
// declared.
ErrContentLength = errors.New("http: wrote more than the declared Content-Length")
```

Writing too many bytes to an HTTP/2 body doesn't return ErrContentLength, however, for two reasons:

  1. The HTTP/2 ResponseWriter returns a different error when detecting a too-long body.
  2. The accounting for how many bytes have been written can fail to detect a too-long body until after the ResponseWriter.Write call has returned.

The existing test TestIdentityResponse fails when run in HTTP/2 mode.

@neild neild added the NeedsFix The path to resolution is known, but the work has not been done. label Oct 4, 2022
@neild neild added this to the Backlog milestone Oct 4, 2022
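
One way for a handler to get the same overrun error on both protocols without relying on the server's own byte accounting, as an added example that is not part of the issue or of net/http. `lengthGuard`, `guard` and `demo` are hypothetical names, and the wrapper assumes the handler sets Content-Length in the header map before its first Write.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// lengthGuard is a hypothetical wrapper, not part of net/http. It enforces the
// declared Content-Length itself, so an overrun yields http.ErrContentLength
// from Write whether the underlying ResponseWriter is HTTP/1 or HTTP/2.
type lengthGuard struct {
	http.ResponseWriter
	written int64
}

func (g *lengthGuard) Write(p []byte) (int, error) {
	declared, err := strconv.ParseInt(g.Header().Get("Content-Length"), 10, 64)
	if err == nil && declared >= 0 && g.written+int64(len(p)) > declared {
		return 0, http.ErrContentLength // reject the whole write, nothing is sent
	}
	n, err := g.ResponseWriter.Write(p)
	g.written += int64(n)
	return n, err
}

// Unwrap lets http.ResponseController reach Flush and friends on the real writer.
func (g *lengthGuard) Unwrap() http.ResponseWriter { return g.ResponseWriter }

// guard wraps a handler so every Write goes through lengthGuard.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&lengthGuard{ResponseWriter: w}, r)
	})
}

// demo runs a constructed handler that declares 3 bytes and then writes 4.
func demo() (first, second error, body string) {
	h := guard(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Length", "3")
		_, first = w.Write([]byte("abc"))
		_, second = w.Write([]byte("d"))
	}))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return first, second, rec.Body.String()
}

func main() { fmt.Println(demo()) }
```
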
@nikola-jokic

Hey @neild, can I give it a try? ☺️

neild commented Nov 10, 2022

> Hey @neild, can I give it a try? ☺️

Please do! I'm happy to review a CL.

@gopherbot

Change https://go.dev/cl/450255 mentions this issue: net/http: ResponseWriter checks for the Content-Length before writing it

@gopherbot

Change https://go.dev/cl/577415 mentions this issue: net/http: update HandlerWritesTooMuch test to allow different h1/h2 behavior

gopherbot pushed a commit that referenced this issue Apr 8, 2024
…ehavior

Rather than requiring that HTTP/1 and HTTP/2 servers behave identically
when a misbehaving handler writes too many bytes, check only that both
behave reasonably.

In particular, allow the handler to defer detection of a write overrun
until flush time, and permit the HTTP/2 handler to reset the stream
rather than requiring it to return a truncated body as HTTP/1 must.

For #56019

Change-Id: I0838e550c4fc202dcbb8bf39ce0fa4a367ca7e71
Reviewed-on: https://go-review.googlesource.com/c/go/+/577415
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>