
Out-of-memory when reading an HTTP response with large Content-Length #119451

Open
serhiy-storchaka opened this issue May 23, 2024 · 0 comments
Labels
3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir topic-IO type-security A security issue

Comments

@serhiy-storchaka
Member

serhiy-storchaka commented May 23, 2024

http.client.HTTPResponse.read() (without argument) consumes the amount of memory specified by the value of the Content-Length header in the response before it starts receiving the data from the socket. Normally, if the server does not send enough data, the client gets an IncompleteRead error, but if Content-Length is too large, it can consume a large amount of memory and CPU time and cause swapping. Therefore, a maleficent server can cause a DoS attack on the client by sending a small response.
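The memory behaviour described in the report, as an added illustration that is not code from the issue or from CPython: `read_naive` mirrors the problem (the whole declared length is allocated before any byte arrives), and `read_chunked_safely` shows the mitigation the linked commit describes, growing the buffer only as data is actually received and raising `IncompleteRead` when the server stops short. The chunk size, the function names and the constructed response (a body that claims gigabytes but delivers five bytes) are assumptions for this example; `tracemalloc` is used to make the difference in peak memory measurable with a safely small declared length.

```python
import http.client
import io
import tracemalloc

# Constructed sample response: the header claims 10 GiB, the server sends 5 bytes.
CLAIMED_LENGTH = 10 * 1024**3
BODY_ACTUALLY_SENT = b"hello"

# Upper bound on a single read from the socket (assumed value for this example).
MAX_CHUNK = 1024 * 1024


def read_naive(fp, content_length):
    """Pre-fix behaviour: commit the whole declared length before any data arrives.

    Only call this with a small content_length; that is the point of the report.
    """
    buf = bytearray(content_length)          # memory is consumed right here
    n = fp.readinto(buf)
    if n < content_length:
        raise http.client.IncompleteRead(bytes(buf[:n]), content_length - n)
    return bytes(buf)


def read_chunked_safely(fp, content_length, max_chunk=MAX_CHUNK):
    """Read content_length bytes, allocating only for data that actually arrives.

    Peak memory is proportional to what the server sent, not to the header value.
    """
    chunks = []
    remaining = content_length
    while remaining > 0:
        data = fp.read(min(remaining, max_chunk))
        if not data:                         # connection closed early
            raise http.client.IncompleteRead(b"".join(chunks), remaining)
        chunks.append(data)
        remaining -= len(data)
    return b"".join(chunks)


def peak_memory(reader, claimed_length, sent=BODY_ACTUALLY_SENT):
    """Peak bytes allocated while reader handles a short response claiming claimed_length."""
    tracemalloc.start()
    try:
        reader(io.BytesIO(sent), claimed_length)
    except http.client.IncompleteRead:
        pass
    finally:
        _, peak = tracemalloc.get_traced_memory()
        tracemalloc.stop()
    return peak


def demo_incomplete():
    """Chunked reader on the constructed response: returns (bytes received, bytes still expected)."""
    try:
        read_chunked_safely(io.BytesIO(BODY_ACTUALLY_SENT), CLAIMED_LENGTH)
    except http.client.IncompleteRead as exc:
        return len(exc.partial), exc.expected
    return None


def demo_complete():
    """Chunked reader when the server honours its Content-Length."""
    return read_chunked_safely(io.BytesIO(BODY_ACTUALLY_SENT), len(BODY_ACTUALLY_SENT))


if __name__ == "__main__":
    received, expected = demo_incomplete()
    print(f"received {received} bytes, server still owed {expected} bytes")
    claimed = 50 * 1024**2   # 50 MiB is enough to show the gap without risking the host
    print(f"naive peak:   {peak_memory(read_naive, claimed) / 1024**2:.1f} MiB")
    print(f"chunked peak: {peak_memory(read_chunked_safely, claimed) / 1024**2:.3f} MiB")
```

Running the script shows the naive reader's peak tracking the declared 50 MiB while the chunked reader's peak stays far below one MiB for the same five-byte body; the same contrast holds for the 10 GiB header in `demo_incomplete`, which the naive reader could not be run against safely.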

Linked PRs

@serhiy-storchaka serhiy-storchaka added type-security A security issue stdlib Python modules in the Lib dir 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.8 only security fixes topic-IO 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels May 23, 2024
serhiy-storchaka added a commit to serhiy-storchaka/cpython that referenced this issue May 23, 2024
Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large even if the server does not send
a large amount of data. Now the HTTP client reads large data by chunks,
therefore the amount of consumed memory is proportional to the amount
of sent data.