core: bound HTTP/3 request header size for DoH3 (#8135)

This PR sets a conservative MaxHeaderBytes value on the DoH3 HTTP/3 server.
This reduces memory exposure from large request headers before requests
reach the DoH handler.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Yong Tang
2026-06-01 00:58:39 -07:00
committed by GitHub
parent 4c07a287da
commit 84af2a7a3f
2 changed files with 24 additions and 0 deletions


@@ -26,6 +26,8 @@ import (
const (
// DefaultHTTPS3MaxStreams is the default maximum number of concurrent QUIC streams per connection.
DefaultHTTPS3MaxStreams = 256
// DefaultHTTPS3MaxHeaderBytes limits HTTP/3 header memory before requests reach the DoH handler.
DefaultHTTPS3MaxHeaderBytes = 16 << 10 // 16 KiB
)
// ServerHTTPS3 represents a DNS-over-HTTP/3 server.
@@ -91,6 +93,7 @@ func NewServerHTTPS3(addr string, group []*Config) (*ServerHTTPS3, error) {
TLSConfig: tlsConfig,
EnableDatagrams: true,
QUICConfig: qconf,
MaxHeaderBytes: DefaultHTTPS3MaxHeaderBytes,
// Logger: stdlog.New(&loggerAdapter{}, "", 0), TODO: Fix it
}
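Review bot: The comment on `DefaultHTTPS3MaxHeaderBytes` does not say what the 16 KiB budget has to cover, which matters for DoH because a GET request carries the whole DNS message base64url-encoded in the `dns` query parameter and so counts against the header limit through `:path`. Ordinary queries are far below this, but a message that encodes larger than the limit would presumably be rejected before it reaches the handler, so I would record the trade-off on the constant, e.g. `// 16 KiB bounds per-request header memory; DoH GET queries travel in :path, so larger messages need POST.` The limit is also fixed where `NewServerHTTPS3` builds the server (its body continues outside the hunk), so deployments behind proxies that add large headers cannot raise it; consider a setting alongside the max-streams default if that is a supported topology.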