Skip to content

Bump maximum header size to 4KiB, alternative version #155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pires merged 4 commits into from
Feb 5, 2026
Merged

Bump maximum header size to 4KiB, alternative version #155

pires merged 4 commits into from
Feb 5, 2026

Conversation

@emersion
Copy link
Contributor

@emersion emersion commented Feb 5, 2026

Alternative to #144 and #150. Based on #154.

See individual commits.

This was referenced Feb 5, 2026
Closed
Closed
pires
pires reviewed Feb 5, 2026
View reviewed changes
@pires pires mentioned this pull request Feb 5, 2026
Merged
pires
pires reviewed Feb 5, 2026
View reviewed changes
Copy link
Owner

@pires pires left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am conceding on increasing the max V2 header size to 4KB as it seems to fix the issues observed by @clementnuss and others.

@emersion
Drop Peek call in parseVersion2
5275f68 
Up until now we were using Peek to ensure (1) the client sent at
least the number of bytes announced in the length field and (2) the
client doesn't exceed a 256 byte limit. This wasn't very explicit,
and forces each connection to pay an up-front memory cost of the
largest header size we want to accept.

Instead, add an explicit check for the max header size (to avoid
DoS), and check that all bytes have been read from the
io.LimitedReader.
@emersion
Bump maximum header size to 4KiB
2c2c768 
PP2_SUBTYPE_SSL_CLIENT_CERT is typically around 1 or 2KiB.
@emersion
Add test for v2 header with medium TLV
2e18214 
Add a test with a 2KiB TLV, which is typical for
PP2_SUBTYPE_SSL_CLIENT_CERT.
@emersion
Add test for v2 header with TLV too large
8cbd33f 
This is important to check for security purposes: all TLVs are
buffered in memory, and we don't want clients to be able to cause
a DoS due to ENOMEM.
@pires pires merged commit 1d477a1 into pires:main Feb 5, 2026
8 checks passed
@emersion emersion deleted the large-tlv branch February 5, 2026 15:40
@pires pires mentioned this pull request Feb 5, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pires pires pires approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@emersion @pires