mirror of
https://github.com/tokio-rs/tokio.git
synced 2025-09-25 12:00:35 +00:00
3dd95a9ff1
## Motivation Currently, there is a potential denial of service vulnerability in the `lines` codec. Since there is no bound on the buffer that holds data before it is split into a new line, an attacker could send an unbounded amount of data without sending a `\n` character. ## Solution This branch adds a `new_with_max_length` constructor for `LinesCodec` that configures a limit on the maximum number of bytes per line. When the limit is reached, the the overly long line will be discarded (in `max_length`-sized increments until a newline character or the end of the buffer is reached. It was also necessary to add some special-case logic to avoid creating an empty line when the length limit is reached at the character immediately _before_ a `\n` character. Additionally, this branch adds new tests for this function, including a test for changing the line limit in-flight. ## Notes This branch makes the following changes from my original PR with this change (#590): - The whole too-long line is discarded at once in the first call to `decode` that encounters it. - Only one error is emitted per too-long line. - Made all the changes requested by @carllerche in https://github.com/tokio-rs/tokio/pull/590#issuecomment-420735023 Fixes: #186 Signed-off-by: Eliza Weisman <eliza@buoyant.io>
tokio-codec
Utilities for encoding and decoding frames.
Usage
First, add this to your Cargo.toml:
[dependencies]
tokio-codec = "0.1"
Next, add this to your crate:
extern crate tokio_codec;
You can find extensive documentation and examples about how to use this crate online at https://tokio.rs. The API documentation is also a great place to get started for the nitty-gritty.
License
This project is licensed under the MIT license.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in Tokio by you, shall be licensed as MIT, without any additional terms or conditions.