
`http_inspector` cannot handle valid HTTP inspection that requires >8192 bytes to resolve

Open howardjohn opened this issue 1 year ago • 2 comments

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing [email protected] where the issue will be triaged appropriately.

Title: http_inspector cannot handle valid HTTP inspection that requires >8192 bytes to resolve

Description: We discovered an issue in the http_inspector where requests that are valid HTTP but exceed 8192 bytes cause the filter execution to hang.

You can see we will hit this code path at which point we have stopped iteration, but we are also at the max size we are willing to read.

Contrast this to the TLS Inspector code which dynamically changes how much it will read.

Repro steps: Send a request with a >8192-byte URL. I used the query param; not sure it matters.

howardjohn avatar Sep 16 '24 17:09 howardjohn
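The failure mode reported above, modeled as an added example that is not part of the original thread and is not Envoy's code: a peek-based sniffer that keeps answering "need more data" after its read window is full, next to a variant that makes a terminal decision at the cap. All names here, including the `GaveUp` verdict, are hypothetical; only the 8192-byte limit comes from the issue.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <string_view>

// Simplified model of a peek-based HTTP/1 sniffer; not Envoy's implementation.
enum class Verdict { NeedMoreData, IsHttp, NotHttp, GaveUp };  // GaveUp is hypothetical

constexpr std::size_t kMaxPeekBytes = 8192;  // read limit quoted in the issue

// Classify the bytes peeked so far, with no knowledge of the read limit.
Verdict classify(std::string_view buf) {
  static constexpr std::string_view kMethods[] = {"GET ", "POST ", "PUT ", "HEAD "};
  bool has_method = false, may_become_method = false;
  for (std::string_view m : kMethods) {
    if (buf.substr(0, m.size()) == m) has_method = true;
    else if (m.substr(0, buf.size()) == buf) may_become_method = true;
  }
  if (!has_method) return may_become_method ? Verdict::NeedMoreData : Verdict::NotHttp;
  const std::size_t eol = buf.find("\r\n");
  if (eol == std::string_view::npos) return Verdict::NeedMoreData;  // request line incomplete
  const std::string_view line = buf.substr(0, eol);
  const bool versioned = line.size() >= 9 && line.substr(line.size() - 9, 8) == " HTTP/1.";
  return versioned ? Verdict::IsHttp : Verdict::NotHttp;
}

// Failure mode from the issue: the peek window is capped, yet NeedMoreData is
// still returned at the cap, so the caller waits for bytes it will never read.
Verdict inspect_capped(std::string_view peeked) {
  return classify(peeked.substr(0, kMaxPeekBytes));
}

// Bounded variant: NeedMoreData is only legal while the window can still grow.
Verdict inspect_bounded(std::string_view peeked) {
  const Verdict v = classify(peeked.substr(0, kMaxPeekBytes));
  if (v == Verdict::NeedMoreData && peeked.size() >= kMaxPeekBytes) return Verdict::GaveUp;
  return v;
}

int main() {
  // Constructed sample: valid request whose request line exceeds the window.
  const std::string big = "GET /?q=" + std::string(9000, 'a') + " HTTP/1.1\r\n\r\n";
  std::printf("capped=%d bounded=%d\n", static_cast<int>(inspect_capped(big)),
              static_cast<int>(inspect_bounded(big)));
  return 0;
}
```

What the caller does with a terminal verdict at the cap (pass the connection on without a detected protocol, or close it) is a policy choice this sketch leaves open.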

CC @briansonnenberg since you were looking into hardening the extension.

kyessenov avatar Sep 16 '24 17:09 kyessenov

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] avatar Oct 16 '24 20:10 github-actions[bot]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

github-actions[bot] avatar Oct 24 '24 00:10 github-actions[bot]

Can this be reopened?

howardjohn avatar Oct 29 '24 19:10 howardjohn

Go ahead and assign it to me, I'll take a look. @kyessenov

briansonnenberg avatar Oct 29 '24 20:10 briansonnenberg

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] avatar Nov 29 '24 00:11 github-actions[bot]

Not stale, PR open in https://github.com/envoyproxy/envoy/pull/37002

howardjohn avatar Dec 02 '24 17:12 howardjohn

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] avatar Jan 02 '25 00:01 github-actions[bot]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

github-actions[bot] avatar Jan 09 '25 00:01 github-actions[bot]