Protect against slow read attack Right now as long as an attacker continutes to do a slow read, the connection will stay open forever. Set a timeout so this can't happen. Tested: Used slowhttptest to verify this wouldn't happen Change-Id: I4dbe2a18f9ccce0ba36875572ec3df6bf3be6a1e Signed-off-by: James Feist <james.feist@linux.intel.com>

commit: f0af8594734a83a242d7a2af7accbd5ba45df1d9 [log] [tgz]
author: James Feist <james.feist@linux.intel.com> Fri Mar 27 16:28:59 2020 -0700
committer: James Feist <james.feist@linux.intel.com> Tue Mar 31 20:31:10 2020 +0000
tree: 6c8bebc35e249f000a9d1ad6d431e1e87581b025
parent: c6f4e01779afb7a6eb25be15003829b46f81ba4c [diff] [blame]
diff --git a/http/timer_queue.h b/http/timer_queue.h
index 7339d66..d7a427e 100644
--- a/http/timer_queue.h
+++ b/http/timer_queue.h

@@ -11,6 +11,9 @@
 {
 namespace detail
 {
+
+constexpr const size_t timerQueueTimeoutSeconds = 5;
+
 // fast timer queue for fixed tick value.
 class TimerQueue
 {
@@ -49,7 +52,8 @@
             // remove canceled ones immediately
             if (x.second)
             {
-                if (now - x.first < std::chrono::seconds(5))
+                if (now - x.first <
+                    std::chrono::seconds(timerQueueTimeoutSeconds))
                 {
                     break;
                 }
commit	f0af8594734a83a242d7a2af7accbd5ba45df1d9	[log] [tgz]
author	James Feist <james.feist@linux.intel.com>	Fri Mar 27 16:28:59 2020 -0700
committer	James Feist <james.feist@linux.intel.com>	Tue Mar 31 20:31:10 2020 +0000
tree	6c8bebc35e249f000a9d1ad6d431e1e87581b025
parent	c6f4e01779afb7a6eb25be15003829b46f81ba4c [diff] [blame]