…y bytes, not entries
The canonical header cache is a per-connection cache mapping header
keys to their canonicalized form. (For example, "foo-bar" => "Foo-Bar").
We limit the number of entries in the cache to prevent an attacker
from consuming unbounded amounts of memory by sending many unique
keys, but a small number of very large keys can still consume an
unreasonable amount of memory.
Track the amount of memory consumed by the cache and limit it based
on memory rather than number of entries.
Thanks to Josselin Costanzi for reporting this issue.
Reviewed-by: Roland Shoemaker <email@example.com>
Reviewed-by: Julie Qiu <firstname.lastname@example.org>
Run-TryBot: Damien Neil <email@example.com>
Reviewed-by: Tatiana Bradley <firstname.lastname@example.org>
TryBot-Result: Gopher Robot <email@example.com>
Reviewed-by: Damien Neil <firstname.lastname@example.org>
Reviewed-by: Jenny Rakoczy <email@example.com>