DOS vulnerability by sending a request with many many headers #256

Closed
reem opened this issue Jan 19, 2015 · 0 comments · Fixed by #290
Labels
A-headers Area: headers. A-server Area: server.

Comments

Contributor

reem commented Jan 19, 2015

We currently only check for the size of a single header field rather than all headers combined. This means a malicious client can send a request with thousands of headers and quickly consume a lot of memory on the server before the user of hyper can even access the request to reject it.
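The mitigation the issue points at, as an added example that is not part of the original report and is not hyper's code: a header reader that enforces a header-count cap and a combined-size cap alongside the per-line cap, while it is still reading. The function name `read_headers`, the error type and the three limit values are assumptions made for this sketch.

```rust
use std::io::{BufRead, Read};

// Hypothetical limits chosen for this example; they are not hyper's values.
const MAX_LINE: usize = 8 * 1024; // per-header cap (the kind of check the issue says exists)
const MAX_HEADERS: usize = 100; // cap on the number of header fields
const MAX_TOTAL: usize = 64 * 1024; // cap on all header bytes combined

#[derive(Debug, PartialEq)]
pub enum HeaderError { LineTooLong, TooManyHeaders, TotalTooLarge, Malformed }

/// Reads header lines up to the blank line, enforcing every limit during the
/// read so memory use is bounded before the caller ever sees the request.
pub fn read_headers<R: BufRead>(r: &mut R) -> Result<Vec<(String, String)>, HeaderError> {
    let mut headers = Vec::new();
    let mut total = 0usize;
    loop {
        let mut line = Vec::new();
        // take() bounds what is buffered for one line even if no newline ever arrives.
        let mut limited = (&mut *r).take(MAX_LINE as u64 + 1);
        let n = limited.read_until(b'\n', &mut line).map_err(|_| HeaderError::Malformed)?;
        if n == 0 { return Err(HeaderError::Malformed); } // EOF before the blank line
        if n > MAX_LINE { return Err(HeaderError::LineTooLong); }
        total += n;
        if total > MAX_TOTAL { return Err(HeaderError::TotalTooLarge); }
        let text = std::str::from_utf8(&line).map_err(|_| HeaderError::Malformed)?;
        let text = text.trim_end_matches(|c: char| c == '\r' || c == '\n');
        if text.is_empty() { return Ok(headers); } // blank line ends the header block
        if headers.len() == MAX_HEADERS { return Err(HeaderError::TooManyHeaders); }
        let (name, value) = text.split_once(':').ok_or(HeaderError::Malformed)?;
        headers.push((name.trim().to_string(), value.trim().to_string()));
    }
}

fn main() {
    // Constructed input: 5000 tiny headers, each far below the per-line cap.
    let req = (0..5000).map(|i| format!("X-{}: a\r\n", i)).collect::<String>() + "\r\n";
    println!("{:?}", read_headers(&mut std::io::Cursor::new(req.into_bytes())));
}
```

With only the per-line check, the constructed request in `main` would be accepted in full; here it is rejected after the 100th field.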
