Skip to content

Limit size of incoming requests#814

Merged
phbnf merged 3 commits intotransparency-dev:mainfrom
phbnf:MaxBytesHandler
Mar 27, 2026
Merged

Limit size of incoming requests#814
phbnf merged 3 commits intotransparency-dev:mainfrom
phbnf:MaxBytesHandler

Conversation

@phbnf
Copy link
Copy Markdown
Collaborator

@phbnf phbnf commented Mar 26, 2026

This PR limits the size of POST requests to protect memory usage.

@phbnf phbnf requested a review from AlCutter March 26, 2026 17:24
@phbnf phbnf marked this pull request as ready for review March 26, 2026 17:24
@phbnf phbnf requested a review from a team as a code owner March 26, 2026 17:24
AlCutter
AlCutter approved these changes Mar 26, 2026
View reviewed changes
cmd/tesseract/aws/main.go Outdated
Addr: *httpEndpoint,
// Set timeout for reading headers to avoid a slowloris attack.
ReadHeaderTimeout: 5 * time.Second,
MaxHeaderBytes: 1 << 13, // 8 KiB
Copy link
Copy Markdown
Collaborator

@AlCutter AlCutter Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An easier-to-read representation of this might be 8<<10 (if you agree, could do the same for the flags too)

@phbnf phbnf force-pushed the MaxBytesHandler branch from dc1a7d6 to ac09380 Compare March 27, 2026 09:43
@phbnf phbnf changed the title MaxBytesHandler Limit size of incoming chains Mar 27, 2026
@phbnf phbnf changed the title Limit size of incoming chains Limit size of incoming requests Mar 27, 2026
AlCutter
AlCutter approved these changes Mar 27, 2026
View reviewed changes
cmd/tesseract/gcp/main.go Outdated
// Performance flags
httpDeadline = flag.Duration("http_deadline", time.Second*10, "Deadline for HTTP requests.")
maxCertChainBytes = flag.Int64("max_cert_chain_bytes", 1<<19, "Maximum size of certificate chain in bytes for add-chain and add-pre-chain endpoints (default: 512 KiB)")
maxCertChainBytes = flag.Int64("max_cert_chain_bytes", 8<<16, "Maximum size of certificate chain in bytes for add-chain and add-pre-chain endpoints (default: 512 KiB)")
Copy link
Copy Markdown
Collaborator

@AlCutter AlCutter Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about 512<<10?
(The thinking here is that it's easy for folks to recognise that <<10 is ~K, <<20 ~M, <<30 ~G, etc.)

Copy link
Copy Markdown
Collaborator Author

@phbnf phbnf Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, sorry!

@phbnf phbnf merged commit 4b75d0f into transparency-dev:main Mar 27, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlCutter AlCutter AlCutter approved these changes

Assignees

@AlCutter AlCutter

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@phbnf @AlCutter