Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HttpParser argument max_headers is not enforced #6721

Closed
1 task done
starflows opened this issue Apr 27, 2022 · 2 comments
Closed
1 task done

HttpParser argument max_headers is not enforced #6721

starflows opened this issue Apr 27, 2022 · 2 comments
Labels

Comments

@starflows
Copy link
Contributor

Describe the bug

The max_headers argument is not used. It does not limit the number of headers allowed in a response.

To Reproduce

See the failing unittest

async def test_max_headers_session_default_fail(aiohttp_client: Any) -> None:

Expected behavior

I assume the argument should limit how many headers a response may have.
I expect the request to fail if too many headers are returned.

Logs/tracebacks

The new unittest https://github.com/aio-libs/aiohttp/blob/188852b8d9ff082ce7793f3f8d03128cc62f3ac1/tests/test_client_functional.py#L3155 of https://github.com/aio-libs/aiohttp/pull/6720 does not fail although more than the allowed 32768 headers are returned.

Python Version

$ python --version
Python 3.10.4

aiohttp Version

$ python -m pip show aiohttp
Name: aiohttp
Version: 4.0.0a1
Summary: Async http client/server framework (asyncio)
Home-page: https://github.com/aio-libs/aiohttp
Author: 
Author-email: 
License: Apache 2
Location: /home/work/starflows/aiohttp
Requires: aiosignal, async_timeout, charset-normalizer, frozenlist, multidict, typing_extensions, yarl
Required-by:

multidict Version

$ python -m pip show multidict
Name: multidict
Version: 5.2.0
Summary: multidict implementation
Home-page: https://github.com/aio-libs/multidict
Author: Andrew Svetlov
Author-email: [email protected]
License: Apache 2
Location: /home/work/starflows/aiohttp/venv/lib/python3.10/site-packages
Requires: 
Required-by: aiohttp, yarl

yarl Version

$ python -m pip show yarl
Name: yarl
Version: 1.7.2
Summary: Yet another URL library
Home-page: https://github.com/aio-libs/yarl/
Author: Andrew Svetlov
Author-email: [email protected]
License: Apache 2
Location: /home/work/starflows/aiohttp/venv/lib/python3.10/site-packages
Requires: idna, multidict
Required-by: aiohttp

OS

Arch Linux 5.17.4-arch1-1

Related component

Client

Additional context

No response

Code of Conduct

  • I agree to follow the aio-libs Code of Conduct
@Dreamsorcerer
Copy link
Member

Appears to limit the max size of each header, not the total number of headers:

b'\r\n\r\n', self.max_headers, errors.LineTooLong)

Looks to me like it was part of some functionality that has been completely removed, so the parameter itself should just be removed:
6d3866e#diff-dc6514f769f186d6dccbcc5068ac159225ead876cc4bf76ec305585739467659L226

starflows pushed a commit to starflows/aiohttp that referenced this issue Apr 28, 2022
Dreamsorcerer added a commit that referenced this issue May 9, 2022
* remove unused max_headers (#6721)

* Add change description

* Update and rename 6721.bugfix to 6721.misc

Co-authored-by: Stefan <[email protected]>
Co-authored-by: Sam Bull <[email protected]>
@Dreamsorcerer
Copy link
Member

#6725

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants