GitHub user mheemskerk opened a pull request:
https://github.com/apache/httpcomponents-core/pull/52
HTTPCORE-491 make basicasyncresponseconsumer paranoid
`BasicAsyncRequestConsumer` and `BasicAsyncResponseConsumer` used to
blindly pre-allocate a buffer of `Content-Length`. If the request / response
is crafted to have a very large `Content-Length` header, this can result in
`OutOfMemoryError`s.
This limits the initial buffer size to 256kb, while still allowing the
buffer to grow if a larger message is read.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mheemskerk/httpcomponents-core
HTTPCORE-491-make-basicasyncresponseconsumer-paranoid
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/httpcomponents-core/pull/52.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #52
----
commit 273c1817ebd4ab40e29c05365e488cdd76a4186b
Author: Michael Heemskerk <[email protected]>
Date: 2017-09-27T14:00:30Z
HTTPCORE-491 Make BasicAsyncRequest|ResponseConsumer more paranoid
BasicAsyncRequestConsumer and BasicAsyncResponseConsumer used to
blindly pre-allocate a buffer of Content-Length. If the request / response
is crafted to have a very large Content-Length header, this can result in
OutOfMemoryErrors.
This limits the initial buffer size to 256kb, while still allowing the
buffer to grow if a larger message is read.
----
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
