[ https://issues.apache.org/jira/browse/AXIS2C-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Lazarski resolved AXIS2C-1480.
-------------------------------------
    Fix Version/s: 2.0.0
       Resolution: Fixed

See new docs for more info: docs/HTTP11_SOAP_HTTP_CLIENT_C.md

Implement efficient buffered header reading to replace byte-by-byte
reading which caused excessive syscalls. The new implementation:

- Reads headers in 4KB chunks instead of 1 byte at a time
- Scans for CRLF line endings in memory
- Uses a prepend stream wrapper to preserve body data read during
  header parsing

Bug fixes:
- Fix axis2_http_client_send returning FAILURE for empty body requests
  (GET or POST with Content-Length: 0)
- Fix NULL pointer crash when receiving malformed HTTP status lines
  (potential security vulnerability)
- Add AXIS2_STREAM_MANAGED type for proper cleanup of wrapper streams

Security test coverage (test_axis2c_1480.cc):
- Buffer overflow attempts via 100KB headers
- Resource exhaustion via 10,000 headers
- CRLF header injection
- Null byte injection
- Malformed/incomplete responses
- CR-only and LF-only line endings
- Negative and huge Content-Length values
- Slowloris-style slow delivery


> Improve performance of reading HTTP headers
> -------------------------------------------
>
>                 Key: AXIS2C-1480
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1480
>             Project: Axis2-C
>          Issue Type: Improvement
>          Components: transport/http, util
>            Reporter: Nadir K. Amra
>            Priority: Major
>             Fix For: 2.0.0
>
>
> Currently, in file src/core/transport/http/sender/http_client.c, when 
> processing HTTP headers, we read the data 1 byte at a time.  This is too 
> inefficient and performance intensive, since each read means a read to the 
> TCP/IP stack. 
> The proposal is to improve the stream utility support so that one can specify 
> a minimum number of bytes to read.  So that when a read comes down that is 
> less than the minimum, we read the minimum into a stream buffer and then copy 
> the requested read length into caller buffer.  So next time stream is read, 
> and there is data in the stream buffer, the data is returned without having 
> to do a socket read. 
> We can probably extend this on the stream write-side as well. 
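
The chunked header read described in the resolution comment above, as an added example that is not Axis2/C code: it reads in 4 KB chunks, scans in memory for the blank line that ends the headers, caps the total header size, and reports where body bytes that arrived early begin (the data a prepend wrapper would have to preserve). `src_t`, `src_read`, `read_headers` and the 64 KB `MAX_HDR` cap are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#define CHUNK   4096          /* chunk size named in the commit message */
#define MAX_HDR (64 * 1024)   /* assumed cap on total header bytes */

/* Constructed in-memory "socket": returns at most `step` bytes per read. */
typedef struct { const char *data; size_t len, pos, step, reads; } src_t;

static size_t src_read(src_t *s, char *dst, size_t want) {
    size_t n = s->len - s->pos;
    if (n > want) n = want;
    if (n > s->step) n = s->step;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    s->reads++;
    return n;                 /* 0 means EOF */
}

/* Fill buf in chunks until the blank line that ends the headers is seen.
 * Returns the header length including CRLFCRLF; buf[ret .. *filled) is body
 * data that arrived early and must be handed on to the body reader.
 * Returns -1 on EOF before the terminator, -2 when the cap is reached. */
static long read_headers(src_t *s, char *buf, size_t cap, size_t *filled) {
    size_t used = 0, scan = 0;
    for (;;) {
        /* scan only bytes not yet checked; a terminator split across
         * two reads is still found because scan stops at used - 3 */
        for (; scan + 4 <= used; scan++)
            if (memcmp(buf + scan, "\r\n\r\n", 4) == 0) {
                *filled = used;
                return (long)(scan + 4);
            }
        if (used >= cap) return -2;
        size_t want = cap - used < CHUNK ? cap - used : CHUNK;
        size_t n = src_read(s, buf + used, want);
        if (n == 0) return -1;
        used += n;
    }
}

int main(void) {
    /* constructed response, delivered 7 bytes per read */
    static const char resp[] = "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello";
    static char buf[MAX_HDR];
    src_t s = { resp, sizeof resp - 1, 0, 7, 0 };
    size_t filled = 0;
    long h = read_headers(&s, buf, sizeof buf, &filled);
    printf("headers=%ld bytes_read=%zu reads=%zu\n", h, filled, s.reads);
    return h < 0;
}
```

An oversized header block and a truncated response both return an error code here instead of growing the buffer or blocking on a terminator that never arrives.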


