Gerard Bouchar created NUTCH-2561:
-------------------------------------

    Summary: protocol-http can be made to read arbitrarily large HTTP responses
    Key: NUTCH-2561
    URL: https://issues.apache.org/jira/browse/NUTCH-2561
    Project: Nutch
    Issue Type: Sub-task
    Reporter: Gerard Bouchar

protocol-http limits the size of the HTTP response body. However:

* There is no limit over the size of the HTTP headers it reads. A bogus server could send an infinite stream of different HTTP headers and cause the fetcher to go out of memory, or send the same HTTP header repeatedly and cause the fetcher to time out.
* The same goes for the HTTP status line: no check is made concerning its size.

This can be both a performance and a security problem.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
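
The two gaps described in the report, the unbounded status line and the unbounded header block, can both be closed by capping line length and line count while reading the response head. The following is an added example, not code from Nutch or from the reporter; the class name `BoundedHeaderReader` and both limit values are hypothetical, and the flood input is a constructed, finite stand-in for a server that never stops sending headers.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class BoundedHeaderReader {
  // Hypothetical limits, chosen for illustration only.
  static final int MAX_LINE_BYTES = 8192;
  static final int MAX_HEADER_LINES = 100;

  // Reads one LF- or CRLF-terminated line (EOF also ends it); fails once the cap is hit.
  static String readLine(InputStream in) throws IOException {
    byte[] buf = new byte[MAX_LINE_BYTES];
    int len = 0;
    for (int b = in.read(); b != -1 && b != '\n'; b = in.read()) {
      if (len == buf.length) throw new IOException("line exceeds " + buf.length + " bytes");
      buf[len++] = (byte) b;
    }
    if (len > 0 && buf[len - 1] == '\r') len--;
    return new String(buf, 0, len, StandardCharsets.ISO_8859_1);
  }

  // Reads the status line and the headers; stops at the blank line before the body.
  static List<String> readHead(InputStream in) throws IOException {
    List<String> lines = new ArrayList<>();
    lines.add(readLine(in)); // the status line goes through the same size cap
    for (String h = readLine(in); !h.isEmpty(); h = readLine(in)) {
      if (lines.size() > MAX_HEADER_LINES) throw new IOException("too many header lines");
      lines.add(h);
    }
    return lines;
  }

  public static void main(String[] args) throws IOException {
    String ok = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nbody";
    System.out.println(readHead(new ByteArrayInputStream(ok.getBytes(StandardCharsets.ISO_8859_1))));
    // Constructed flood: 10,000 distinct headers and no terminating blank line.
    StringBuilder flood = new StringBuilder("HTTP/1.1 200 OK\r\n");
    for (int i = 0; i < 10_000; i++) flood.append("X-Junk-").append(i).append(": a\r\n");
    InputStream in = new ByteArrayInputStream(flood.toString().getBytes(StandardCharsets.ISO_8859_1));
    try {
      readHead(in);
    } catch (IOException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

These caps bound memory use to roughly `MAX_LINE_BYTES * MAX_HEADER_LINES`; a server that trickles bytes slowly still has to be handled by a socket read timeout or an overall fetch deadline.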