Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Early rejection for requests exceeding configured maxRequestLength #5880

Open
yzfeng2020 opened this issue Aug 21, 2024 · 0 comments
Open

Early rejection for requests exceeding configured maxRequestLength #5880

yzfeng2020 opened this issue Aug 21, 2024 · 0 comments
Labels
defect
Milestone
1.32.0

Comments

@yzfeng2020
Copy link
Contributor

yzfeng2020 commented Aug 21, 2024
edited
Loading

It is is possible to implement early rejection of HTTP requests when the Content-Length header indicates a value larger than the maximum configured request length. This would be beneficial to avoid unnecessary processing of oversized requests.

The relevant code section is located at

armeria/core/src/main/java/com/linecorp/armeria/server/Http1RequestDecoder.java

Lines 211 to 226 in d30dff0

if (contentLengthStr != null) {
long contentLength;
try {
contentLength = Long.parseLong(contentLengthStr);
} catch (NumberFormatException ignored) {
contentLength = -1;
}
if (contentLength < 0) {
fail(id, headers, HttpStatus.BAD_REQUEST, "Invalid content length", null);
return;
}
contentEmpty = contentLength == 0;
} else {
contentEmpty = true;
}
for H1 and

armeria/core/src/main/java/com/linecorp/armeria/server/Http2RequestDecoder.java

Lines 167 to 180 in d30dff0

final String contentLengthStr = headers.get(HttpHeaderNames.CONTENT_LENGTH);
if (contentLengthStr != null) {
long contentLength;
try {
contentLength = Long.parseLong(contentLengthStr);
} catch (NumberFormatException ignored) {
contentLength = -1;
}
if (contentLength < 0) {
writeErrorResponse(streamId, headers, HttpStatus.BAD_REQUEST,
"Invalid content length", null);
return;
}
}
for H2.

discord discussion: https://discord.com/channels/1087271586832318494/1087272728177942629/1275651316034699327
@ikhoon ikhoon added this to the 1.31.0 milestone Sep 12, 2024
@ikhoon ikhoon added the defect label Sep 12, 2024
@jrhee17 jrhee17 modified the milestones: 1.31.0, 1.32.0 Nov 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect
Projects
None yet
Milestone
1.32.0
Development

No branches or pull requests
3 participants
@ikhoon @jrhee17 @yzfeng2020