Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add optional max header list size #163

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

hjr3
Copy link

@hjr3 hjr3 commented May 4, 2024

Prior to parsing headers, both the request and response parsers now check that the remaining buffer length does not exceed the configured max size. If the length does exceed the max size, a new HeadersTooLarge error is returned.

Relates to hyperium/hyper#3283 and hyperium/hyper#3637 (comment)

Prior to parsing headers, both the request and response parsers now
check that the remaining buffer length does not exceed the configured
max size. If the length does exceed the max size, a new HeadersTooLarge
error is returned.
@hjr3 hjr3 force-pushed the max-header-list-size branch from 489f400 to 6eae286 Compare May 4, 2024 12:15
@seanmonstar
Copy link
Owner

Hm, at this level, I would probably assume the caller could enforce this limit. Since this library just parses headers from a slice that the caller owns.

@hjr3
Copy link
Author

hjr3 commented May 4, 2024

Hm, at this level, I would probably assume the caller could enforce this limit. Since this library just parses headers from a slice that the caller owns.

My thinking is that we want to avoid spending time parsing the headers if we already know the the header list size exceeds the max. In order to do so, we need to know the remaining length of the buffer after that initially parsing the request/response.

If we are fine accepting the parsing time, then we could enforce the limit post-parsing at https://github.com/hyperium/hyper/blob/c62ea805b5b7ecdd56d69106387048218b4521ba/src/proto/h1/role.rs#L180

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants