Version
1.10.0
Platform
any
Summary
In HTTP/1, Buffered::parse, the check only runs when parse_headers returns None (incomplete headers).
Code Sample
Repro (with max_buf_size(8192) as in the current code):
tcp.write_all(b"GET / HTTP/1.1\r\nHost: x\r\nX: ")?;
tcp.write_all(&[b'a'; 7000])?;
thread::sleep(Duration::from_millis(100)); // force read boundary
tcp.write_all(&[b'a'; 5000])?;
tcp.write_all(b"\r\n\r\n")?;
Total head ≈ 12 KiB, well above the 8192 limit.
Expected Behavior
Expected: 431 Request Header Fields Too Large + TooLarge error.
Actual Behavior
The server happily responds HTTP/1.1 200 OK and the handler sees the oversized X header.
Additional Context
No response
Version
1.10.0
Platform
any
Summary
In HTTP/1,
Buffered::parse, the check only runs whenparse_headersreturnsNone(incomplete headers).Code Sample
Repro (with
max_buf_size(8192)as in the current code):Total head ≈ 12 KiB, well above the 8192 limit.
Expected Behavior
Expected:
431 Request Header Fields Too Large + TooLarge error.Actual Behavior
The server happily responds
HTTP/1.1 200 OKand the handler sees the oversized X header.Additional Context
No response