Limit server header response length #9

Merged
solderpunk merged 2 commits from jprjr/AV-98:header-limit into master 2020-05-16 16:54:03 +00:00
Contributor

Hi there -

I wrote a quick "malicious" Gemini server that sends a never-ending header, it just spams the space character after writing a response code. AV-98 will keep reading and is eventually killed. On a default Linux install without security limits configured, this can consume all memory and swap before finally being killed by the OS.

The spec doesn't state a maximum length for the total header line, just a maximum length for the meta portion of the header line. This adds a maximum total length, and checks that the meta portion is <= 1024 characters.

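As an added illustration of the bounded header read this pull request describes (example code written for this page, not AV-98's own implementation or the merged patch), the reader below stops after a fixed byte budget instead of waiting for CRLF forever, and separately checks the meta length. The 1024-byte meta limit is the one the PR cites from the spec; the 1029-byte total budget is an assumption derived here as status (2) + space (1) + meta (1024) + CRLF (2). `EndlessSpaceServer` is a constructed stand-in for the malicious server in the description: it sends a status code and then spaces without end.

```python
import io

MAX_META_LEN = 1024  # limit on <META> cited in the PR from the Gemini spec
# Assumption (not stated by the spec per the PR): status (2) + space (1) +
# meta (1024) + CRLF (2) is the most a well-formed header can occupy.
MAX_HEADER_LEN = 2 + 1 + MAX_META_LEN + 2


class HeaderError(Exception):
    """Raised when a response header is malformed or exceeds its limits."""


def read_header(stream, max_header_len=MAX_HEADER_LEN):
    """Read one Gemini response header from a binary stream, bounded in size.

    At most max_header_len bytes are consumed while looking for CRLF. A server
    that never terminates the header therefore costs the client a fixed amount
    of memory before the connection is abandoned, rather than all of it.
    """
    buf = bytearray()
    while len(buf) < max_header_len:
        b = stream.read(1)
        if not b:
            raise HeaderError("connection closed before header terminated")
        buf += b
        if buf.endswith(b"\r\n"):
            break
    else:
        # Loop exhausted its budget without seeing CRLF.
        raise HeaderError("header exceeds %d bytes" % max_header_len)
    return parse_header(bytes(buf[:-2]))


def parse_header(line):
    """Split a header line (CRLF already removed) into (status, meta).

    Validates the two-digit status, the separating space, and the meta length
    independently of the total-length check in read_header.
    """
    if len(line) < 2 or not line[:2].isdigit():
        raise HeaderError("malformed status code")
    status = int(line[:2])
    rest = line[2:]
    if rest == b"":
        meta_bytes = b""  # lenient: tolerate a header with no meta at all
    elif rest[:1] == b" ":
        meta_bytes = rest[1:]
    else:
        raise HeaderError("expected a space after the status code")
    if len(meta_bytes) > MAX_META_LEN:
        raise HeaderError("meta longer than %d bytes" % MAX_META_LEN)
    return status, meta_bytes.decode("utf-8")


def header_from_bytes(data):
    """Convenience wrapper: parse a header from an in-memory byte string."""
    return read_header(io.BytesIO(data))


class EndlessSpaceServer:
    """Constructed stand-in for the malicious server in the PR description:
    emits a status code, then spaces forever, never sending CRLF."""

    def __init__(self):
        self._prefix = b"20"
        self.bytes_served = 0  # how much the client actually pulled from us

    def read(self, n):
        if self._prefix:
            out, self._prefix = self._prefix[:n], self._prefix[n:]
        else:
            out = b" " * n
        self.bytes_served += len(out)
        return out


if __name__ == "__main__":
    print(header_from_bytes(b"20 text/gemini\r\n"))
    server = EndlessSpaceServer()
    try:
        read_header(server)
    except HeaderError as e:
        print("rejected after %d bytes: %s" % (server.bytes_served, e))
```

On a real connection the stream would be the object returned by `socket.makefile("rb")`, whose internal buffering makes the one-byte reads cheap. The separate meta check in `parse_header` matters when a server omits the space, since the total budget alone would then let 1026 bytes of meta through.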
solderpunk closed this pull request 2020-05-16 16:54:03 +00:00
Owner

Thanks very much for this. Good catch! I'll definitely add this to the list of things which need to be changed in the spec.

Reference: solderpunk/AV-98#9