Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix a security issue where a malicious peer could tell h2 to allocate too much #149

Merged
merged 4 commits into from
Apr 12, 2021
Merged

Fix a security issue where a malicious peer could tell h2 to allocate too much #149

merged 4 commits into from
Apr 12, 2021

Conversation

anmonteiro
Copy link
Owner

@anmonteiro anmonteiro commented Apr 12, 2021
edited
Loading

  • We were allocating a read body that is the size specified in the content-length header
  • This could allow a malicious peer to send a giant content-length value, and we'd happily try to allocate it
  • The fix is to to allocate what we have configured through t.config.{request,response}_body_buffer_size

@anmonteiro anmonteiro merged commit f1d70bb into master Apr 12, 2021
@anmonteiro anmonteiro deleted the anmonteiro/security-fix branch April 12, 2021 02:35
@anmonteiro anmonteiro mentioned this pull request Apr 12, 2021
Merged
anmonteiro added a commit to anmonteiro/opam-repository that referenced this pull request Apr 12, 2021
@anmonteiro
[new release] hpack, h2, h2-mirage, h2-lwt, h2-lwt-unix and h2-async …
d3dda70 
…(0.8.0)

CHANGES:

- h2: scheduler: fix bug that caused zero length DATA frames not to be sent if
  there were no flow-control credits
  ([anmonteiro/ocaml-h2#142](anmonteiro/ocaml-h2#142)) -- reported  by
  [@blandinw](https://github.com/blandinw)
- h2,h2-lwt,h2-lwt-unix,h2-async,h2-mirage Add `trailers_handler` to
  `Connection.request` ([anmonteiro/ocaml-h2#146](anmonteiro/ocaml-h2#146))
- h2: client / server: fix a security issue that allowed a malicious peer to
  make h2 allocate as much as it wanted
  ([anmonteiro/ocaml-h2#149](anmonteiro/ocaml-h2#149))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@anmonteiro