Enforce body size limits in protocol parsers#3382
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enforces the global max_body_size limit across several protocol parsers (HTTP/1, HTTP/2, memcache, couchbase) to prevent buffering or waiting on oversized message bodies, and adds regression coverage for the new enforcement paths.
Changes:
- Enforce
max_body_sizeduring non-progressive HTTP body parsing; return HTTP 413 for oversized HTTP/1 requests and reset oversized HTTP/2 streams withENHANCE_YOUR_CALM. - Reject oversized memcache and couchbase responses immediately after parsing their fixed-size headers.
- Add new unit tests covering fixed-length/chunked HTTP and oversized memcache/couchbase responses.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| test/brpc_memcache_unittest.cpp | Adds regression test ensuring oversized memcache responses are rejected before buffering the body. |
| test/brpc_http_rpc_protocol_unittest.cpp | Adds MaxBodySizeGuard and HTTP/1 tests verifying 413 behavior for oversized fixed-length and chunked bodies. |
| test/brpc_couchbase_unittest.cpp | Adds regression test ensuring oversized couchbase responses are rejected before buffering the body. |
| src/brpc/policy/memcache_binary_protocol.cpp | Enforces FLAGS_max_body_size against memcache total_body_length immediately after header parse. |
| src/brpc/policy/http2_rpc_protocol.cpp | Returns H2_ENHANCE_YOUR_CALM for oversized HTTP/2 stream bodies instead of a generic protocol error. |
| src/brpc/policy/http_rpc_protocol.cpp | Detects HttpMessage oversize condition and writes HTTP 413 (server-side) or returns TOO_BIG_DATA (client-side). |
| src/brpc/policy/couchbase_protocol.cpp | Enforces FLAGS_max_body_size against couchbase total_body_length immediately after header parse. |
| src/brpc/details/http_message.h | Adds body_too_large() and tracking fields to support non-progressive body size enforcement. |
| src/brpc/details/http_message.cpp | Tracks accumulated non-progressive body size and fails early when appending would exceed max_body_size. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?
Issue Number: null
Problem Summary:
Some HTTP, memcache, and couchbase parsing paths did not consistently enforce
the global
max_body_sizesetting. Non-progressive HTTP messages could buffermore data than configured, while memcache and couchbase parsers could wait for
an oversized body declared in a response header.
What is changed and the side effects?
Changed:
data before appending beyond
max_body_size.writing the response.
ENHANCE_YOUR_CALM.their fixed-size headers.
couchbase messages.
Side effects:
overflow-safe size comparison and addition. Memcache and couchbase add one
comparison per response. No additional scan, allocation, or copy is added.
max_body_sizearenow rejected as documented. Progressive HTTP reading remains unchanged so
existing bounded-memory streaming transfers can exceed this setting.
Check List: