Infinite read in net/textproto.Reader In September 2023 I discovered an issue in Golang’s net/textproto.Reader. In one of its internal methods (readLineSlice), the code (in an infinite loop) reads data from bufio.Reader and concatenates to line: previously read data. It is using ReadLine which behaves differently from other bufio.Reader methods: this is the only method that does not return an error when internal buffer fills full. Instead, when the buffer becomes full it returns more=true v...| nowotarski.info
What are chunk extensions? A chunk extension can be added to a data chunk in HTTP/1.1 to extend it with some metadata connected to a given chunk. But what are chunks and chunk endcoding in general? Let’s look into RFC9112: The chunked coding allows each chunk to include zero or more chunk extensions, immediately following the chunk-size, for the sake of supplying per-chunk metadata (such as a signature or hash), mid-message control information, or randomization of message body size.| nowotarski.info
This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected| The Cloudflare Blog