Skip to content

[release/6.0] HTTP/3: Support canceling requests that aren't reading a body #36109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wtgodbe merged 3 commits into from
Sep 3, 2021
Merged

[release/6.0] HTTP/3: Support canceling requests that aren't reading a body #36109

wtgodbe merged 3 commits into from
Sep 3, 2021

Conversation

@JamesNK
Copy link
Member

@JamesNK JamesNK commented Sep 2, 2021
edited
Loading

Backport of #36017 to release/6.0

Customer Impact

HTTP/3 requests that have been canceled or aborted after the incoming request body is read weren't being correctly removed on the server. This could cause some canceled HTTP requests to hang around on the server, using up resources and creating a memory leak. There is the opportunity for malicious clients to use this to DOS attack the server.

Testing

Functional tests. Also tested with grpc-dotnet.

Risk

Medium-Low. The HTTP/3 abort logic has non-trivial changes. To account for this, the changes have been well tested and reviewed by Kestrel SMEs.

Change is constrained to HTTP/3.

@JamesNK JamesNK mentioned this pull request Sep 2, 2021
Closed
@JamesNK
Copy link
Member Author

JamesNK commented Sep 3, 2021

@wtgodbe Can you merge please 🙏

@wtgodbe wtgodbe merged commit bdae120 into release/6.0 Sep 3, 2021
@wtgodbe wtgodbe deleted the jamesnk/http3-waitwritescomplete-6 branch September 3, 2021 15:33
@ghost ghost added this to the 6.0-rc2 milestone Sep 3, 2021
@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Jun 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@halter73 halter73 halter73 approved these changes

@adityamandaleeka adityamandaleeka adityamandaleeka approved these changes

@BrennanConroy BrennanConroy Awaiting requested review from BrennanConroy

@Tratcher Tratcher Awaiting requested review from Tratcher

Assignees

No one assigned

Labels

area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions

Projects

None yet

Milestone

6.0-rc2

Development

Successfully merging this pull request may close these issues.

6 participants

@JamesNK @halter73 @adityamandaleeka @amcasey @wtgodbe