Boost logo

Boost :

Subject: [boost] [Beast] Security issue note
From: Artyom Beilis (artyom.beilis_at_[hidden])
Date: 2017-06-27 20:40:57

Looking into parser/body code I noticed:


       std::uint64_t> const& content_length,
           error_code& ec)
       wr_->init(content_length, ec);


           std::uint64_t> content_length, error_code& ec)
               if(*content_length > (std::numeric_limits<
                   ec = make_error_code(
               ec.assign(0, ec.category());

Basically I can exhaust the memory of the server and kill it by
providing huge content length from several connections and lead to its

Reasonable and configurable limit should be provided for content length.

Artyom Beilis

Boost list run by bdawes at, gregod at, cpdaniel at, john at