Commit: 2f26d91 · Finding: SEC-V-09
Problem
crates/relay/src/lib.rs:266-314 reads 1 KB chunks until EOF, \r\n\r\n, or the 5s BOOTSTRAP_IO_TIMEOUT. The chunk.windows(4).any(...) check only looks inside the latest chunk — a CRLFCRLF spanning two chunks is missed, so the loop runs until the deadline. No cap on how many chunks are read either.
Refines #176 (which covers the outer-deadline gap) with a distinct concrete issue in the same file.
Fix
Accumulate into a small bounded buffer (e.g. 8 KB) and search all of it for \r\n\r\n each iteration; bail if the accumulated buffer exceeds the cap. Alternatively maintain a rolling 4-byte tail across iterations.
Obvious fix — will be auto-PR'd.
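Added illustration (not the relay crate's code): the per-chunk check described in the finding next to the bounded-accumulation fix, over std::io::Read so it runs offline on a Cursor. CHUNK, MAX_HEADER and the Scan enum are assumed names chosen here; the timeout from the finding is left out since only the split-delimiter and unbounded-read behaviour is being demonstrated.

```rust
use std::io::{self, Read};

/// Constructed constants mirroring the finding (assumed values).
const CHUNK: usize = 1024;
const MAX_HEADER: usize = 8 * 1024;
const DELIM: &[u8] = b"\r\n\r\n";

/// Outcome of scanning a bootstrap stream for the end of the header block.
#[derive(Debug, PartialEq)]
pub enum Scan {
    /// Byte offset just past the CRLFCRLF delimiter.
    Found(usize),
    /// EOF reached without seeing the delimiter.
    Eof,
    /// Accumulated more than MAX_HEADER bytes without a delimiter.
    TooLarge,
}

/// Buggy pattern from the finding: only the latest chunk is searched, so a
/// delimiter split across two reads is never seen and nothing bounds the loop.
pub fn scan_per_chunk<R: Read>(mut r: R) -> io::Result<Scan> {
    let mut chunk = [0u8; CHUNK];
    let mut total = 0;
    loop {
        let n = r.read(&mut chunk)?;
        if n == 0 { return Ok(Scan::Eof); }
        if let Some(i) = chunk[..n].windows(4).position(|w| w == DELIM) {
            return Ok(Scan::Found(total + i + 4));
        }
        total += n;
    }
}

/// Fixed pattern: accumulate into a bounded buffer, search all of it each
/// iteration, and bail once the buffer grows past the cap.
pub fn scan_bounded<R: Read>(mut r: R) -> io::Result<Scan> {
    let mut buf = Vec::with_capacity(CHUNK);
    let mut chunk = [0u8; CHUNK];
    loop {
        let n = r.read(&mut chunk)?;
        if n == 0 { return Ok(Scan::Eof); }
        buf.extend_from_slice(&chunk[..n]);
        if let Some(i) = buf.windows(4).position(|w| w == DELIM) {
            return Ok(Scan::Found(i + 4));
        }
        if buf.len() > MAX_HEADER { return Ok(Scan::TooLarge); }
    }
}
```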