mozilla-services/shavar

shavar.parse.parse_gethash() asks for denial-of-service

Closed this issue · 0 comments

I sent a request for the /gethash endpoint (staging, not production) using the following payload:

1:10000000000\n

After a while I got "504 GATEWAY_TIMEOUT" back. This is because the loop here is flawed: it will continue to attempt reading even if there is nothing left to be read. It should break out of the loop if len(prefix) is zero.
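The failure mode reported above, as an added sketch that is not shavar's source and not code from the issue author: `count_reads_unchecked` reconstructs the loop shape from the report's description (trusting the declared length), and `parse_gethash_checked` is one way to harden it. The function names, `ParseError`, `MAX_PAYLOAD` and the `limit` argument are assumptions made for the illustration.

```python
import io

MAX_PAYLOAD = 4096  # assumed cap for this sketch; not a shavar setting


class ParseError(ValueError):
    pass


def read_header(fp):
    """Parse the 'PREFIX_SIZE:PAYLOAD_LENGTH\\n' header line."""
    line = fp.readline()
    try:
        size, length = (int(x) for x in line.strip().split(b":"))
    except ValueError:
        raise ParseError("malformed header: %r" % line)
    return size, length


def count_reads_unchecked(fp, limit=100000):
    """Loop shape reconstructed from the report: trusts the declared length.

    Returns the number of read() calls made; `limit` exists only so this
    demonstration terminates.
    """
    size, length = read_header(fp)
    consumed = reads = 0
    while consumed < length and reads < limit:
        fp.read(size)      # returns b"" at EOF, yet the loop keeps going
        consumed += size
        reads += 1
    return reads


def parse_gethash_checked(fp):
    """Reject implausible headers and stop at the first short read."""
    size, length = read_header(fp)
    if size <= 0 or length <= 0 or length % size or length > MAX_PAYLOAD:
        raise ParseError("bad sizes: %d:%d" % (size, length))
    prefixes = []
    for _ in range(length // size):
        prefix = fp.read(size)
        if len(prefix) != size:   # also covers len(prefix) == 0 at EOF
            raise ParseError("body shorter than declared length")
        prefixes.append(prefix)
    return prefixes
```

The short-read check alone bounds the work by the bytes actually received; the length cap additionally rejects the oversized header before any body read is attempted.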