Merged PR 20331: [5.0] MSRC 68921 - Remove unused headers from collection in HTTP/2

MSRC Case Opened: 68921 - ASP.NET Core - Kestrel overpooling of HTTP/2 and HTTP/3 request headers leads to DoS
CRM:0802002372

Summary of the changes (Less than 80 chars)

## Description
Kestrel now correctly calls OnHeadersComplete after parsing request headers so unused headers are removed from headers collection. Prevents headers building up over time and exhausting memory.

Note that the change to the 5.0 branch only changes HTTP/2. HTTP/3 in .NET 5 is very experimental and isn't used.

## Customer Impact
Potential DoS attack

## Regression?
- [ ] Yes
- [x] No

[If yes, specify the version the behavior has regressed from]

## Risk
- [ ] High
- [x] Medium
- [ ] Low

The change is small but this code is on the critical path of a request. It is executed with every HTTP/2 and HTTP/3 request.

## Verification
- [X] Manual (required)
- [x] Automated

## Packaging changes reviewed?
- [ ] Yes
- [ ] No
- [x] N/A

----

## When servicing release/2.1
- [ ] Make necessary changes in eng/PatchConfig.props
1 parent ccf159e, commit d70c12a

Showing 2 changed files with 70 additions and 0 deletions.