Message257446
The issue comes when there is a malformed HTTP request not ending in a new line; it causes the server to hang, not time out, and causes a DoS.
The request that I sent to the server was as follows:
const char *headers = "GET / HTTP/1.1\r\nHost: localhost:8000\r\n";
Which should have been:
const char *headers = "GET / HTTP/1.1\r\nHost: localhost:8000\r\n\r\n";
This causes the application to await the second set of new-line sequences and hang until they are received, which prevents any further connections from being made.
I have just tested this against the latest versions of the library and I can supply proof of concept code if that would be useful - just let me know.
A recommended fix would be to ensure that all HTTP requests are received in full and in the correct manner prior to being parsed.

Date | User | Action | Args
2016-01-04 08:54:10 | Richard Clifford | set | recipients: + Richard Clifford
2016-01-04 08:54:10 | Richard Clifford | set | messageid: <1451897650.58.0.64883073344.issue26005@psf.upfronthosting.co.za>
2016-01-04 08:54:10 | Richard Clifford | link | issue26005 messages
2016-01-04 08:54:10 | Richard Clifford | create |
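
One way to bound the hang described in the message above, as an added example that is not part of the original report or of the library's own code. It assumes the server is Python's standard-library http.server (the message does not name the library); the names TimedHandler and run_demo and the 2-second timeout are illustrative.

```python
import socket
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# The truncated request from the report (no final blank line) and its fixed form.
INCOMPLETE = b"GET / HTTP/1.1\r\nHost: localhost:8000\r\n"
COMPLETE = INCOMPLETE + b"\r\n"


class TimedHandler(BaseHTTPRequestHandler):
    # StreamRequestHandler.setup() applies this to the client socket, so a
    # read that never sees the end of the headers raises a timeout.
    timeout = 2

    def do_GET(self):
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def run_demo():
    """Return (status line of 2nd client, stalled client dropped?, seconds waited)."""
    # One thread per connection, so a stalled client cannot block the others.
    server = ThreadingHTTPServer(("127.0.0.1", 0), TimedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    addr = server.server_address
    try:
        stalled = socket.create_connection(addr)
        stalled.sendall(INCOMPLETE)  # headers never terminated
        with socket.create_connection(addr, timeout=5) as good:
            good.sendall(COMPLETE)  # served while the first client is stalled
            status_line = good.recv(1024).split(b"\r\n", 1)[0]
        stalled.settimeout(TimedHandler.timeout + 3)
        start = time.monotonic()
        dropped = stalled.recv(1024) == b""  # empty read: server closed it
        waited = time.monotonic() - start
        stalled.close()
        return status_line, dropped, waited
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The timeout applies to each socket read, so it bounds an idle client but not one that keeps trickling bytes.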