5900b2f53d (master): [ruby/net-http] Limit the total size of response headers


Hiroshi SHIBATA

to ruby...@g.ruby-lang.org
Hiroshi SHIBATA 2026-06-10 02:14:11 +0000 (Wed, 10 Jun 2026)

New Revision: 5900b2f53d

https://github.com/ruby/ruby/commit/5900b2f53d

Log:
[ruby/net-http] Limit the total size of response headers

each_response_header read header lines until the blank separator with no
bound on their total size, so a server could exhaust client memory by
sending a large header block. Cap the cumulative size at 1 MiB and raise
Net::HTTPBadResponse once it is exceeded.

https://github.com/ruby/net-http/commit/ebe8f3876f

Co-authored-by: Yusuke Endoh <ma...@ruby-lang.org>
Co-authored-by: Nobuyoshi Nakada <no...@ruby-lang.org>
Co-Authored-By: Claude Fable 5 <nor...@anthropic.com>

Modified files:
lib/net/http/response.rb
test/net/http/test_httpresponse.rb
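
The bounded header read described in the log message, as an added sketch: this is not the code from lib/net/http/response.rb. The names MAX_HEADER_BYTES and read_bounded_headers are hypothetical, and the sample inputs are constructed.

```ruby
require 'net/http'   # used only for the Net::HTTPBadResponse exception class
require 'stringio'

# Assumption: constant and method names are illustrative, not net-http's own.
MAX_HEADER_BYTES = 1024 * 1024  # 1 MiB, the cap named in the commit message

# Reads header lines from +io+ up to the blank separator line and returns
# [name, value] pairs. Raises Net::HTTPBadResponse once the cumulative size
# of the lines read exceeds +limit+ bytes.
def read_bounded_headers(io, limit: MAX_HEADER_BYTES)
  total = 0
  headers = []
  loop do
    # Bound each read too, so one endless line is never buffered past the cap.
    line = io.gets("\n", limit - total + 1)
    raise Net::HTTPBadResponse, 'header block ended before blank line' if line.nil?
    total += line.bytesize
    raise Net::HTTPBadResponse, "response headers exceed #{limit} bytes" if total > limit
    line = line.chomp                      # strips "\r\n" or "\n"
    break if line.empty?                   # blank separator: headers are done
    if line.start_with?(' ', "\t") && !headers.empty?
      headers.last[1] << ' ' << line.strip # folded continuation line
    else
      name, value = line.split(':', 2)
      raise Net::HTTPBadResponse, 'wrong header line format' if value.nil?
      headers << [name, value.strip]
    end
  end
  headers
end

# Constructed sample inputs (not captured traffic).
OK_BLOCK = "Content-Type: text/plain\r\nX-Note: a\r\n\tb\r\n\r\nbody"

# Builds +n+ padding header lines of 73 bytes each, then the blank separator.
def oversized_block(n)
  ("X-Pad: #{'a' * 64}\r\n" * n) + "\r\n"
end

if $PROGRAM_NAME == __FILE__
  p read_bounded_headers(StringIO.new(OK_BLOCK))
  begin
    read_bounded_headers(StringIO.new(oversized_block(10)), limit: 256)
  rescue Net::HTTPBadResponse => e
    puts "rejected: #{e.message}"
  end
end
```

Because each read is limited to the remaining budget plus one byte, the reader consumes at most limit + 1 bytes of header data before it rejects the response.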