implement a buffer pool for STREAM frames

2025-04-03 20:27:35 +03:00 · 2019-09-04 16:45:39 +07:00 · 2019-09-04 16:45:39 +07:00 · 5ea33cd31e
commit 5ea33cd31e
parent 326ec9e16e
70 changed files with 193 additions and 48 deletions
--- a/internal/protocol/params.go
+++ b/internal/protocol/params.go
@ -81,6 +81,11 @@ const MaxNonAckElicitingAcks = 19
 // prevents DoS attacks against the streamFrameSorter
 const MaxStreamFrameSorterGaps = 1000

+// MinStreamFrameBufferSize is the minimum data length of a received STREAM frame
+// that we use the buffer for. This protects against a DoS where an attacker would send us
+// very small STREAM frames to consume a lot of memory.
+const MinStreamFrameBufferSize = 128
+
 // MaxCryptoStreamOffset is the maximum offset allowed on any of the crypto streams.
 // This limits the size of the ClientHello and Certificates that can be received.
 const MaxCryptoStreamOffset = 16 * (1 << 10)