golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

net/http: server may open an unlimited number of file descriptors without program control #60765

Open andrewhodel opened 1 year ago

andrewhodel commented 1 year ago

https://cs.opensource.google/go/go/+/refs/tags/go1.19.3:src/net/http/server.go;l=2451

The processing code writes a response to the HTTP socket before exposing the request and path to a closure available by the http module.

This allows anyone to open an extreme number of file descriptors on a Linux system and other operating systems that use that construct (TCP stack) for handling timeouts without being able to log it.

andrewhodel commented 1 year ago

This locks the HTTP server often.

ianlancetaylor commented 1 year ago

CC @neild
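
An added example, not part of the issue thread and not Go project code: one way an operator can bound and log connections outside any handler, using a semaphore-backed listener together with `http.Server`'s `ConnState` hook and its read-header and idle timeouts. The names `limitListener`, `limitConn` and `wrap`, the listen address, the cap of 100 and the timeout values are assumptions.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"sync"
	"time"
)

// Hypothetical types: limitListener caps open conns (fds), one slot each.
type limitListener struct {
	net.Listener
	sem chan struct{}
}

type limitConn struct {
	net.Conn
	once    sync.Once
	release func()
}

func (l *limitListener) Accept() (net.Conn, error) {
	l.sem <- struct{}{} // blocks while the cap is reached
	c, err := l.Listener.Accept()
	if err != nil {
		<-l.sem // no connection was opened, so give the slot back
		return nil, err
	}
	return l.wrap(c), nil
}

func (l *limitListener) wrap(c net.Conn) net.Conn { // Close frees the slot exactly once
	return &limitConn{Conn: c, release: func() { <-l.sem }}
}
func (c *limitConn) Close() error {
	defer c.once.Do(c.release)
	return c.Conn.Close()
}

// Logs every connection state change; address, cap, timeouts are assumed.
func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:8080")
	if err != nil {
		log.Fatal(err)
	}
	srv := &http.Server{ReadHeaderTimeout: 5 * time.Second, IdleTimeout: 30 * time.Second,
		ConnState: func(c net.Conn, s http.ConnState) { log.Printf("conn %v state=%v", c.RemoteAddr(), s) }}
	log.Fatal(srv.Serve(&limitListener{Listener: ln, sem: make(chan struct{}, 100)}))
}
```

`ConnState` is invoked for each connection state transition, so connections that are closed before a handler runs still produce a log line.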