Denial of service when the server sends an infinitely large header
Shnatsel opened this issue · 6 comments
minreq will use an unbounded amount of memory if the server sends a single infinitely large header. This can be used to exhaust the memory on the machine and cause a denial of service.
You can reproduce the issue by running the following in a Linux console and then connecting to localhost:8080 with minreq:
( echo -e "HTTP/1.1 200 OK\r"; echo -n "Huge-header: "; yes A | tr -d '\n' ) | nc -l localhost 8080
Tested using this code for minreq. You can inspect the Cargo.lock to know the exact dependency versions.
This also works when sending a great many smaller headers.
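The usual mitigation for both variants reported above (one endless header, or a great many small ones) is to cap the header block before it is buffered. The following is an added example, not minreq's own code: a header reader that refuses to hold more than a fixed number of bytes or header lines. The 64 KiB and 100-header limits are assumed values chosen for illustration, and `EndlessAs` is a constructed stand-in for the `yes A | tr -d '\n'` stream in the reproduction command.

```rust
use std::io::{self, Read};

/// Assumed cap on the bytes accepted for the status line plus all headers.
/// 64 KiB is a common server-side default; it is not a value taken from minreq.
const MAX_HEADER_BYTES: usize = 64 * 1024;
/// Assumed cap on the number of header lines accepted (defense in depth:
/// the byte cap alone already bounds memory, this bounds the Vec as well).
const MAX_HEADER_COUNT: usize = 100;

pub type Headers = Vec<(String, String)>;

#[derive(Debug, PartialEq)]
pub enum HeaderError {
    TooLarge,
    TooMany,
    Malformed,
    Io(String),
}

/// Position of the first "\r\n\r\n" in `buf`, if present.
fn find_terminator(buf: &[u8]) -> Option<usize> {
    buf.windows(4).position(|w| w == b"\r\n\r\n")
}

/// Reads the status line and headers up to the blank line, aborting as soon as
/// the buffered size would exceed MAX_HEADER_BYTES. Memory use is therefore
/// bounded no matter how much the peer sends. (Bytes read past the terminator
/// would belong to the body; a full client would keep them, this demo drops them.)
pub fn read_bounded_headers<R: Read>(reader: &mut R) -> Result<(String, Headers), HeaderError> {
    let mut buf: Vec<u8> = Vec::with_capacity(1024);
    let mut chunk = [0u8; 512];
    loop {
        if let Some(end) = find_terminator(&buf) {
            buf.truncate(end);
            break;
        }
        if buf.len() >= MAX_HEADER_BYTES {
            return Err(HeaderError::TooLarge);
        }
        // Never request more than the remaining budget.
        let want = chunk.len().min(MAX_HEADER_BYTES - buf.len());
        let n = reader.read(&mut chunk[..want]).map_err(|e| HeaderError::Io(e.to_string()))?;
        if n == 0 {
            return Err(HeaderError::Malformed); // EOF before the header block ended
        }
        buf.extend_from_slice(&chunk[..n]);
    }

    let text = String::from_utf8_lossy(&buf);
    let mut lines = text.split("\r\n");
    let status = lines.next().ok_or(HeaderError::Malformed)?.to_string();
    let mut headers = Headers::new();
    for line in lines {
        if headers.len() >= MAX_HEADER_COUNT {
            return Err(HeaderError::TooMany);
        }
        let (name, value) = line.split_once(':').ok_or(HeaderError::Malformed)?;
        headers.push((name.trim().to_string(), value.trim().to_string()));
    }
    Ok((status, headers))
}

/// Constructed stand-in for `yes A | tr -d '\n'`: an endless stream of 'A'.
pub struct EndlessAs;
impl Read for EndlessAs {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        buf.iter_mut().for_each(|b| *b = b'A');
        Ok(buf.len())
    }
}

/// The issue's scenario: one header whose value never ends.
pub fn demo_huge_header() -> Result<(String, Headers), HeaderError> {
    let prefix: &[u8] = b"HTTP/1.1 200 OK\r\nHuge-header: ";
    let mut stream = prefix.chain(EndlessAs);
    read_bounded_headers(&mut stream)
}

/// The second variant: more small headers than the count limit allows.
pub fn demo_many_headers() -> Result<(String, Headers), HeaderError> {
    let mut raw = b"HTTP/1.1 200 OK\r\n".to_vec();
    for i in 0..(MAX_HEADER_COUNT + 1) {
        raw.extend_from_slice(format!("X-H{}: v\r\n", i).as_bytes());
    }
    raw.extend_from_slice(b"\r\n");
    read_bounded_headers(&mut io::Cursor::new(raw))
}

/// A well-formed response (constructed sample) still parses normally.
pub fn demo_normal() -> Result<(String, Headers), HeaderError> {
    let raw: &[u8] = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nX-Test: hi\r\n\r\nok";
    read_bounded_headers(&mut io::Cursor::new(raw))
}

fn main() {
    println!("normal:       {:?}", demo_normal());
    println!("huge header:  {:?}", demo_huge_header());
    println!("many headers: {:?}", demo_many_headers());
}
```

The key property is that the byte cap is enforced on the *request* size passed to `read`, not checked after the fact, so the buffer can never grow past the limit even for a single read call; the header-count check is secondary, since the byte cap already bounds total allocation.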
Wrong issue tracker, or typo in crate name?
Typo. Let me fix it. Sorry!
Fixed now. This is what happens when I test 9 clients for 3 DoS issues each at the end of a long day.
I appreciate the effort you put into these! It's a shame I don't have the time to fix them at the same pace 😄