kyessenov
commented
2 months ago CC @briansonnenberg since you were looking into hardening the extension.
Open howardjohn opened 2 months ago
kyessenov
commented
2 months ago CC @briansonnenberg since you were looking into hardening the extension.
github-actions[bot]
commented
1 month ago This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
github-actions[bot]
commented
3 weeks ago This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.
howardjohn
commented
2 weeks ago Can this be reopened?
briansonnenberg
commented
2 weeks ago Go ahead and assign it to me, I'll take a look. @kyessenov
If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.
Title:
http_inspectorcannot handle valid HTTP inspection that requires >8192 bytes to resolveDescription: We discovered an issue in the http_inspector where requests that are valid HTTP but exceed 8192 bytes cause the filter execution to hang.
You can see we will hit this code path at which point we have stopped iteration, but we are also at the max size we are willing to read.
Contrast this to the TLS Inspector code which dynamically changes how much it will read.
Repro steps: Send a request with an >8192 byte url. I used the query param, not sure it matters