http-rs / surf

Fast and friendly HTTP client framework for async Rust
https://docs.rs/surf
Apache License 2.0

Denial of service when the server sends an infinitely large header #298

Open Shnatsel opened 3 years ago

Shnatsel commented 3 years ago

surf will use an unbounded amount of memory if the server sends a single infinitely large header. surf has some DoS prevention (see #289) but it only protects from an infinite amount of headers, not from a single infinitely large header.

You can reproduce the issue by running the following in a Linux console and then connecting to localhost:8080 with surf:

( echo -e "HTTP/1.1 200 OK\r"; echo -n "Huge-header: "; yes A | tr -d '\n' ) | nc -l localhost 8080

Tested using this code for surf. You can inspect the Cargo.lock to know the exact dependency versions.

I've only tested the async-h1 backend; I don't know if the other backends are affected.
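For comparison, here is the kind of bound a client can put on the response head so that a single never-ending header line fails fast instead of growing memory without limit. This is an added, synchronous illustration written for this issue, not code from surf or async-h1; the `MAX_HEADER_BYTES` value and the `HeaderError` type are assumptions for the example.

```rust
use std::io::{self, BufRead, Read};

/// Upper bound on bytes buffered for the whole response head (status line
/// plus headers). Hypothetical value for this example; async-h1 picks its own.
pub const MAX_HEADER_BYTES: usize = 8 * 1024;

#[derive(Debug, PartialEq)]
pub enum HeaderError {
    TooLarge,
    Malformed,
    Io(String),
}

/// Reads an HTTP/1.x response head while never holding more than
/// MAX_HEADER_BYTES + 1 bytes, so a single never-ending header line ends in
/// a bounded error instead of unbounded memory growth.
pub fn read_bounded_head<R: Read>(reader: R) -> Result<Vec<(String, String)>, HeaderError> {
    // `take` caps what the parser can pull from the socket for the head;
    // once the cap is hit, `read_line` returns as if at EOF.
    let mut limited = io::BufReader::new(reader.take(MAX_HEADER_BYTES as u64 + 1));
    let mut consumed = 0usize;
    let mut headers = Vec::new();
    let mut line = String::new();
    let mut saw_status_line = false;
    loop {
        line.clear();
        let n = limited.read_line(&mut line).map_err(|e| HeaderError::Io(e.to_string()))?;
        consumed += n;
        if consumed > MAX_HEADER_BYTES {
            return Err(HeaderError::TooLarge);
        }
        if n == 0 {
            // Connection closed before the blank line that ends the head.
            return Err(HeaderError::Malformed);
        }
        let text = line.trim_end_matches(|c: char| c == '\r' || c == '\n');
        if !saw_status_line {
            if !text.starts_with("HTTP/1.") {
                return Err(HeaderError::Malformed);
            }
            saw_status_line = true;
        } else if text.is_empty() {
            return Ok(headers); // blank line: head complete
        } else {
            let (name, value) = text.split_once(':').ok_or(HeaderError::Malformed)?;
            headers.push((name.trim().to_string(), value.trim().to_string()));
        }
    }
}
```

Fed a response shaped like the one the `yes A` server above produces, the reader stops after `MAX_HEADER_BYTES + 1` bytes and returns `TooLarge`; a normal head still parses into its name/value pairs.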