Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

_ChunkedTransferDecoder may buffer an arbitrary amount #10144

Closed
twisted-trac opened this issue Mar 19, 2021 · 3 comments
Closed

_ChunkedTransferDecoder may buffer an arbitrary amount #10144

twisted-trac opened this issue Mar 19, 2021 · 3 comments
Assignees
@twm
Labels
bug fixed priority-normal web

Comments

@twisted-trac
Copy link

twm's avatar @twm reported
Trac ID trac#10144
Type defect
Created 2021-03-19 06:16:46Z
Branch https://github.com/twisted/twisted/tree/10144-chunkedtransferdecoder-buffering

The decoder may buffer an arbitrary amount of memory while waiting for a CRLF sequence in several places:

  1. When waiting for the end of the length and extensions line.
  2. When waiting for a terminating CRLF after data
  3. When waiting for a terminating CRLF after an empty chunk

In case (1) the length of the line should be limited to a reasonable amount (say, 4 KiB).

Cases (2) and (3) are covered by #10137.

This is a follow-up to #3795

Searchable metadata 
trac-id__10144 10144
type__defect defect
reporter__twm twm
priority__normal normal
milestone__None None
branch__10144_chunkedtransferdecoder_buffering 10144-chunkedtransferdecoder-buffering
branch_author__ 
status__closed closed
resolution__fixed fixed
component__web web
keywords__review review
time__1616134606247167 1616134606247167
changetime__1617087660218906 1617087660218906
version__None None
owner__Tom_Most__twm_____ Tom Most <twm@...>
@twisted-trac
Copy link
Author

twm's avatar @twm set owner to @twm
@twm set status to assigned

Draft PR: #1563

@twisted-trac
Copy link
Author

twm's avatar @twm removed owner
@twm set status to new

@twisted-trac
Copy link
Author

twm's avatar @twm set owner to @twm
@twm set status to closed

In changeset a360a8a

#!CommitTicketReference repository="" revision="a360a8a18a73b6dc18412549a6ecad52be9fc5fa"
Merge pull request #1563 from twisted/10144-chunkedtransferdecoder-buffering

Author: twm
Reviewer: adiroiban
Fixes: ticket:10144

Limit ChunkedTransferDecoder buffering

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@twm twm

Labels
bug fixed priority-normal web
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@twm @twisted-trac