mirror of
https://github.com/tokio-rs/tokio.git
synced 2025-09-28 12:10:37 +00:00
3dd95a9ff1
## Motivation Currently, there is a potential denial of service vulnerability in the `lines` codec. Since there is no bound on the buffer that holds data before it is split into a new line, an attacker could send an unbounded amount of data without sending a `\n` character. ## Solution This branch adds a `new_with_max_length` constructor for `LinesCodec` that configures a limit on the maximum number of bytes per line. When the limit is reached, the the overly long line will be discarded (in `max_length`-sized increments until a newline character or the end of the buffer is reached. It was also necessary to add some special-case logic to avoid creating an empty line when the length limit is reached at the character immediately _before_ a `\n` character. Additionally, this branch adds new tests for this function, including a test for changing the line limit in-flight. ## Notes This branch makes the following changes from my original PR with this change (#590): - The whole too-long line is discarded at once in the first call to `decode` that encounters it. - Only one error is emitted per too-long line. - Made all the changes requested by @carllerche in https://github.com/tokio-rs/tokio/pull/590#issuecomment-420735023 Fixes: #186 Signed-off-by: Eliza Weisman <eliza@buoyant.io>