From bbe0bff8a89dbaa35e11e13bb5198560c540f455 Mon Sep 17 00:00:00 2001 From: Xuewei Niu Date: Sun, 29 Oct 2023 00:01:02 +0800 Subject: [PATCH] fix(jsonrpc): Limit header size to avoid unexpected OOM (#2466) This patch limits the max size of header to 8Mib to avoid OOM issues. Signed-off-by: Xuewei Niu --- protocol/jsonrpc/server.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/protocol/jsonrpc/server.go b/protocol/jsonrpc/server.go index 4470cb277a..2b3e9a7699 100644 --- a/protocol/jsonrpc/server.go +++ b/protocol/jsonrpc/server.go @@ -57,6 +57,8 @@ const ( DefaultHTTPRspBufferSize = 1024 // PathPrefix ... PathPrefix = byte('/') + // Max HTTP header size in Mib + MaxHeaderSize = 8 * 1024 * 1024 ) // Server is JSON RPC server wrapper @@ -121,7 +123,7 @@ func (s *Server) handlePkg(conn net.Conn) { } for { - bufReader := bufio.NewReader(conn) + bufReader := bufio.NewReader(io.LimitReader(conn, MaxHeaderSize)) r, err := http.ReadRequest(bufReader) if err != nil { logger.Warnf("[ReadRequest] error: %v", err)