Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Netty hangs when header too long #2187

Closed
tomas-langer opened this issue Jul 17, 2020 · 1 comment · Fixed by #2244
Closed

Netty hangs when header too long #2187

tomas-langer opened this issue Jul 17, 2020 · 1 comment · Fixed by #2244
Assignees
@tomas-langer
Labels
1.x Issues for 1.x version branch bug Something isn't working P1 webserver
Projects
Backlog

Comments

@tomas-langer
Copy link
Member

Related to #2179

When a header is sent that is too big (such as 120 kb), the request hangs forever.
This is fixed in 2.0., but does not work in 1.4 (tested on latest 1.4.6-SNAPSHOT).

Also the first request with long header gets through and returns a response, the second one hangs.

Expected behaviour:

  1. We should get a 400 response and appropriate message (header too big)
  2. We should have a way to configure a bigger header (see Add Netty configuration options #2179) for cases where this is required.

This is a customer issue where the header is required to be bigger than 8Kb.

Reproducer:

class TestLongHeaders {
    @Test
    void testTooBigHeader() throws InterruptedException, ExecutionException, TimeoutException {
        WebServer ws = WebServer.builder(Routing.builder()
                                                 .get("/", (req, res) -> res.send("Hi"))
                                                 .register("/static", StaticContentSupport.create("/static"))
                                                 .build())
                .build()
                .start()
                .toCompletableFuture()
                .get(10, TimeUnit.SECONDS);

        Client client = ClientBuilder.newClient();
        String target = "http://localhost:" + ws.port();

        String headerValue = header(8000);
        String result = client.target(target)
                .request()
                .header("X_SHORT", headerValue)
                .get(String.class);

        assertThat(result, is("Hi"));

        headerValue = header(10000);
        result = client.target(target)
                .request()
                .header("X_LONG", headerValue)
                .get(String.class);
        assertThat(result, is("Hi"));

        result = client.target(target)
                .request()
                .header("X_LONG", headerValue)
                .get(String.class);
        assertThat(result, is("Hi"));
    }

    private String header(int size) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < size; i++) {
            sb.append("a");
        }
        return sb.toString();
    }
}
@tomas-langer tomas-langer added bug Something isn't working webserver 1.x Issues for 1.x version branch labels Jul 17, 2020
@tomas-langer tomas-langer added this to Needs triage in Backlog via automation Jul 17, 2020
@tomas-langer tomas-langer moved this from Needs triage to High priority in Backlog Jul 17, 2020
@tomas-langer tomas-langer self-assigned this Jul 17, 2020
@tomas-langer tomas-langer moved this from High priority to In Progress in Backlog Jul 17, 2020
@tomas-langer tomas-langer moved this from In Progress to High priority in Backlog Jul 17, 2020
@tomas-langer tomas-langer removed their assignment Jul 17, 2020
@tomas-langer tomas-langer moved this from High priority to Needs triage in Backlog Jul 23, 2020
@barchetta barchetta moved this from Needs triage to High priority in Backlog Jul 23, 2020
@tomas-langer tomas-langer self-assigned this Aug 10, 2020
@tomas-langer tomas-langer moved this from High priority to In Progress in Backlog Aug 10, 2020
@tomas-langer tomas-langer mentioned this issue Aug 10, 2020
Merged
@tomas-langer tomas-langer linked a pull request Aug 11, 2020 that will close this issue
Correctly handling invalid requests and custom configuration for HTTP… #2244
Merged
Backlog automation moved this from In Progress to Closed Aug 11, 2020
@tomas-langer
Copy link
Member Author

Problem is now fixed in 1.x branch and new configuration options were added for server:

Configuration key Default value Java type Description
max-header-size 8192 int Maximal number of bytes of all header values combined. Returns 400 if headers are bigger
max-initial-line-length 4096 int Maximal number of characters in the initial HTTP line. Returns 400 if line is longer
timeout-millis no timeout long Server socket timeout.
receive-buffer-size implementation default int Proposed value of the TCP receive window that is advertised to the remote peer on the server socket.
max-chunk-size 8192 int Maximal size of a chunk to read from incoming requests
validate-headers true boolean Whether to validate header names, if they contain illegal characters.
initial-buffer-size 128 int Initial size of buffer used to parse HTTP line and headers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tomas-langer tomas-langer

Labels
1.x Issues for 1.x version branch bug Something isn't working P1 webserver
Projects
Backlog
  
Closed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Correctly handling invalid requests and custom configuration for HTTP… tomas-langer/helidon
1 participant
@tomas-langer