-
Brad Fitzpatrick authored
Previously, if an http.Handler didn't fully consume a Request.Body before returning and the request and the response from the handler indicated no reason to close the connection, the server would read an unbounded amount of the request's unread body to advance past the request message to find the next request's header. That was a potential DoS. With this CL there's a threshold under which we read (currently 256KB) in order to keep the connection in keep-alive mode, but once we hit that, we instead switch into a "Connection: close" response and don't read the request body. Fixes #2093 (along with number of earlier CLs) R=golang-dev, dsymonds CC=golang-dev https://golang.org/cl/5268043
5079129d
| Name |
Last commit
|
Last update |
|---|---|---|
| doc | ||
| include | ||
| lib | ||
| misc | ||
| src | ||
| test | ||
| .hgignore | ||
| .hgtags | ||
| AUTHORS | ||
| CONTRIBUTORS | ||
| LICENSE | ||
| PATENTS | ||
| README | ||
| favicon.ico | ||
| robots.txt |