[
https://issues.apache.org/jira/browse/HTTPCORE-491?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCORE-491.
----------------------------------------
Resolution: Fixed
> BasicAsyncResponseConsumer can easily be tricked into triggering an OOME
> ------------------------------------------------------------------------
>
> Key: HTTPCORE-491
> URL: https://issues.apache.org/jira/browse/HTTPCORE-491
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.4.7
> Reporter: Michael Heemskerk
> Fix For: 4.4.8
>
>
> When using {{BasicAsyncResponseConsumer}} to consume a response, the consumer
> initializes its {{SimpleInputBuffer}} with the value reported on the
> response's {{Content-Length}} header.
> It's easy to spoof a response with a very large (but smaller than
> Integer.MAX_VALUE) {{Content-Length}} header and have the client pre-allocate
> a massive buffer, triggering an OOME.
> Since {{SimpleInputBuffer}} already expands-on-demand, it would be trivial to
> cap the initial buffer size to some reasonable limit (256k or even 1M).
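As an added illustration of the mitigation the report suggests (example code written for this note, not HttpCore's own `SimpleInputBuffer`): the initial buffer is sized from the declared `Content-Length` but clamped to a fixed cap, and it grows only as bytes actually arrive. The class name, the 256 KiB cap and the 4 KiB floor are assumptions for the example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

/** Hypothetical buffer for illustration; not HttpCore's SimpleInputBuffer. */
public final class CappedInputBuffer {
    /** Assumed upper bound on what a peer-supplied Content-Length may pre-allocate. */
    static final int MAX_INITIAL_CAPACITY = 256 * 1024;
    /** Assumed floor so tiny or unknown lengths still get a usable buffer. */
    static final int MIN_INITIAL_CAPACITY = 4096;

    private ByteBuffer buffer;

    /** Size the initial buffer from the declared length, never above the cap. */
    public CappedInputBuffer(long declaredContentLength) {
        int initial;
        if (declaredContentLength < 0) {            // unknown or malformed length
            initial = MIN_INITIAL_CAPACITY;
        } else {
            initial = (int) Math.min(declaredContentLength, MAX_INITIAL_CAPACITY);
            initial = Math.max(initial, MIN_INITIAL_CAPACITY);
        }
        this.buffer = ByteBuffer.allocate(initial);
    }

    /** Append received bytes, enlarging the backing array only when data really arrives. */
    public void consume(ByteBuffer src) {
        if (src.remaining() > buffer.remaining()) {
            int needed = buffer.position() + src.remaining();
            long doubled = 2L * buffer.capacity();
            int newCap = (int) Math.min(Math.max(doubled, needed), Integer.MAX_VALUE - 8);
            ByteBuffer grown = ByteBuffer.allocate(newCap);
            buffer.flip();
            grown.put(buffer);
            buffer = grown;
        }
        buffer.put(src);
    }

    public int capacity() { return buffer.capacity(); }
    public int length()   { return buffer.position(); }

    public static void main(String[] args) {
        // Constructed input: the response claims 1 GiB but only 11 bytes are ever sent.
        CappedInputBuffer in = new CappedInputBuffer(1L << 30);
        in.consume(ByteBuffer.wrap("hello world".getBytes(StandardCharsets.US_ASCII)));
        // The allocation is bounded by MAX_INITIAL_CAPACITY, not by the declared length.
        System.out.println("allocated " + in.capacity() + " bytes, received " + in.length());
    }
}
```

The same clamp belongs wherever a peer-controlled length is turned into an allocation size; the declared length is still useful as a hint, just not as a trusted instruction.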
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)