mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Limit the number of active concurrent HTTP/2 streams

Browse Source 
The initial intent was to limit the number of concurrent streams by
the value of 100 but due to the error when reading the documentation
it was set to the maximum possible number of streams per session.

This could lead to security issues, e.g. a remote attacker could have
taken down the BIND instance by creating lots of sessions via low
number of transport connections. This commit fixes that.
This commit is contained in:
Artem Boldariev
2021-05-12 12:12:21 +03:00
parent d80d1b0dd9
commit 1947f6372d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/isc/netmgr/http.c
View File

@@ -49,7 +49,7 @@
#define MAX_ALLOWED_DATA_IN_POST \
(MAX_DNS_MESSAGE_SIZE + MAX_DNS_MESSAGE_SIZE / 2)
#define MAX_STREAMS_PER_SESSION (NGHTTP2_INITIAL_MAX_CONCURRENT_STREAMS)
#define MAX_STREAMS_PER_SESSION (100)
#define HEADER_MATCH(header, name, namelen) \
(((namelen) == sizeof(header) - 1) && \