hc-dev mailing list archives

From "Michael Heemskerk (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCORE-491) BasicAsyncResponseConsumer can easily be tricked into triggering an OOME
Date Wed, 27 Sep 2017 13:41:00 GMT

    [ https://issues.apache.org/jira/browse/HTTPCORE-491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16182570#comment-16182570

Michael Heemskerk commented on HTTPCORE-491:

Thanks, I wasn't sure what the best way to contribute was. I'll spin up a PR on GitHub.

> BasicAsyncResponseConsumer can easily be tricked into triggering an OOME
> ------------------------------------------------------------------------
>                 Key: HTTPCORE-491
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-491
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.4.7
>            Reporter: Michael Heemskerk
>             Fix For: 4.4.8
> When using {{BasicAsyncResponseConsumer}} to consume a response, the consumer initializes
> its {{SimpleInputBuffer}} with the value reported on the response's {{Content-Length}} header.
> It's easy to spoof a response with a very large (but smaller than Integer.MAX_VALUE)
> {{Content-Length}} header and have the client pre-allocate a massive buffer, triggering an
> Since {{SimpleInputBuffer}} already expands-on-demand, it would be trivial to cap the
> initial buffer size to some reasonable limit (256k or even 1M)
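An added example (not HttpCore's own code) of the mitigation the report describes: the declared Content-Length only seeds the initial allocation up to a fixed cap, and the buffer grows as bytes actually arrive. The class name, the 256 KiB cap and the spoofed header value are assumptions for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Response body buffer that grows on demand instead of trusting the declared size. */
public final class CappedInputBuffer {
    /** Upper bound on what is pre-allocated from an untrusted Content-Length (assumed 256 KiB). */
    static final int MAX_INITIAL_CAPACITY = 256 * 1024;
    private byte[] data;
    private int length;

    CappedInputBuffer(int initialCapacity) { this.data = new byte[initialCapacity]; }

    /** Choose the starting size: the declared length when sane, otherwise the cap. */
    static int initialCapacityFor(String contentLengthHeader) {
        long declared;
        try {
            declared = Long.parseLong(contentLengthHeader.trim());
        } catch (NumberFormatException e) {
            return MAX_INITIAL_CAPACITY; // unparseable header: do not trust it
        }
        if (declared < 0) return MAX_INITIAL_CAPACITY;
        return (int) Math.min(declared, MAX_INITIAL_CAPACITY);
    }

    /** Append a chunk, enlarging the backing array only as real data arrives. */
    void consume(ByteBuffer chunk) {
        int needed = length + chunk.remaining();
        if (needed > data.length) {
            data = Arrays.copyOf(data, Math.max(needed, data.length + (data.length >> 1)));
        }
        chunk.get(data, length, chunk.remaining());
        length = needed;
    }

    int size() { return length; }
    int capacity() { return data.length; }

    public static void main(String[] args) {
        // Constructed input: a spoofed header far larger than the body that actually follows.
        String spoofedContentLength = "2000000000"; // ~2 GB, still below Integer.MAX_VALUE
        CappedInputBuffer buf = new CappedInputBuffer(initialCapacityFor(spoofedContentLength));
        buf.consume(ByteBuffer.wrap("hello".getBytes(StandardCharsets.US_ASCII)));
        System.out.println("pre-allocated " + buf.capacity() + " bytes, received " + buf.size());
    }
}
```

With the cap in place the spoofed header costs at most MAX_INITIAL_CAPACITY up front; without it the same header would request a ~2 GB array before a single body byte is read.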

This message was sent by Atlassian JIRA

