Fixes #12670 - Improve buffer management of HTTP/1 response headers. (#12777)

* Backported #12544 (client-side handling of request header overflow).
* Introduced HttpConfiguration.maxResponseHeaderSize
* Implemented server-side handling of response header overflow, similar to the client.

Signed-off-by: Simone Bordet <[email protected]>

Author: sbordet

jetty-core/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java

@@ -125,7 +125,9 @@ public class HttpClient extends ContainerLifeCycle implements AutoCloseable
     private int maxConnectionsPerDestination = 64;
     private int maxRequestsQueuedPerDestination = 1024;
     private int requestBufferSize = 4096;
+    private int maxRequestHeadersSize = 8192;
     private int responseBufferSize = 16384;
+    private int maxResponseHeadersSize = -1;
     private int maxRedirects = 8;
     private long addressResolutionTimeout = 15000;
     private boolean strictEventOrdering = false;
@@ -135,7 +137,6 @@ public class HttpClient extends ContainerLifeCycle implements AutoCloseable
     private String defaultRequestContentType = "application/octet-stream";
     private boolean useInputDirectByteBuffers = true;
     private boolean useOutputDirectByteBuffers = true;
-    private int maxResponseHeadersSize = -1;
     private Sweeper destinationSweeper;
 
     /**
@@ -1077,6 +1078,24 @@ public void setUseInputDirectByteBuffers(boolean useInputDirectByteBuffers)
         this.useInputDirectByteBuffers = useInputDirectByteBuffers;
     }
 
+    /**
+     * @return the max size in bytes of the request headers
+     */
+    @ManagedAttribute("The max size in bytes of the request headers")
+    public int getMaxRequestHeadersSize()
+    {
+        return maxRequestHeadersSize;
+    }
+
+    /**
+     * Set the max size in bytes of the request headers.
+     * @param maxRequestHeadersSize the max size in bytes of the request headers
+     */
+    public void setMaxRequestHeadersSize(int maxRequestHeadersSize)
+    {
+        this.maxRequestHeadersSize = maxRequestHeadersSize;
+    }
+
     /**
      * @return whether to use direct ByteBuffers for writing
      */

jetty-core/jetty-client/src/main/java/org/eclipse/jetty/client/transport/internal/HttpSenderOverHTTP.java

@@ -157,6 +157,7 @@ protected Action process() throws Exception
             HttpClient httpClient = getHttpChannel().getHttpDestination().getHttpClient();
             HttpExchange exchange = getHttpExchange();
             ByteBufferPool bufferPool = httpClient.getByteBufferPool();
+            int requestHeadersSize = httpClient.getRequestBufferSize();
             boolean useDirectByteBuffers = httpClient.isUseOutputDirectByteBuffers();
             while (true)
             {
@@ -173,14 +174,25 @@ protected Action process() throws Exception
                 {
                     case NEED_HEADER:
                     {
-                        headerBuffer = bufferPool.acquire(httpClient.getRequestBufferSize(), useDirectByteBuffers);
+                        generator.setMaxHeaderBytes(getHttpChannel().getHttpDestination().getHttpClient().getMaxRequestHeadersSize());
+                        headerBuffer = bufferPool.acquire(requestHeadersSize, useDirectByteBuffers);
                         break;
                     }
                     case HEADER_OVERFLOW:
                     {
-                        headerBuffer.release();
-                        headerBuffer = null;
-                        throw new IllegalArgumentException("Request header too large");
+                        int maxRequestHeadersSize = httpClient.getMaxRequestHeadersSize();
+                        if (maxRequestHeadersSize > requestHeadersSize)
+                        {
+                            generator.reset();
+                            headerBuffer.release();
+                            headerBuffer = bufferPool.acquire(maxRequestHeadersSize, useDirectByteBuffers);
+                            requestHeadersSize = maxRequestHeadersSize;
+                            break;
+                        }
+                        else
+                        {
+                            throw new IllegalArgumentException("Request headers too large");
+                        }
                     }
                     case NEED_CHUNK:
                     {
@@ -189,7 +201,7 @@ protected Action process() throws Exception
                     }
                     case NEED_CHUNK_TRAILER:
                     {
-                        chunkBuffer = bufferPool.acquire(httpClient.getRequestBufferSize(), useDirectByteBuffers);
+                        chunkBuffer = bufferPool.acquire(requestHeadersSize, useDirectByteBuffers);
                         break;
                     }
                     case FLUSH:

jetty-core/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTest.java

@@ -59,8 +59,11 @@
 import org.eclipse.jetty.io.ClientConnector;
 import org.eclipse.jetty.io.Content;
 import org.eclipse.jetty.io.EndPoint;
+import org.eclipse.jetty.io.RetainableByteBuffer;
 import org.eclipse.jetty.logging.StacklessLogging;
 import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.internal.HttpChannelState;
 import org.eclipse.jetty.toolchain.test.Net;
 import org.eclipse.jetty.toolchain.test.jupiter.WorkDir;
@@ -1936,6 +1939,108 @@ protected void service(org.eclipse.jetty.server.Request request, org.eclipse.jet
         assertEquals(HttpStatus.OK_200, response.getStatus());
     }
 
+    @ParameterizedTest
+    @ArgumentsSource(ScenarioProvider.class)
+    public void testRequestHeadersSizeOverflow(Scenario scenario) throws Exception
+    {
+        start(scenario, new EmptyServerHandler());
+
+        RetainableByteBuffer buffer = client.getByteBufferPool().acquire(client.getRequestBufferSize(), false);
+        int capacity = buffer.capacity();
+        buffer.release();
+        client.setMaxRequestHeadersSize(3 * capacity);
+        connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setRequestHeaderSize(3 * capacity);
+
+        ContentResponse response = client.newRequest("localhost", connector.getLocalPort())
+            .scheme(scenario.getScheme())
+            // Overflow the default request headers size, but don't exceed the max.
+            .agent("A".repeat(2 * capacity))
+            .timeout(5, TimeUnit.SECONDS)
+            .send();
+
+        assertEquals(HttpStatus.OK_200, response.getStatus());
+    }
+
+    @ParameterizedTest
+    @ArgumentsSource(ScenarioProvider.class)
+    public void testResponseHeadersSizeOverflow(Scenario scenario) throws Exception
+    {
+        start(scenario, new EmptyServerHandler()
+        {
+            @Override
+            protected void service(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response)
+            {
+                int capacity = (int)request.getHeaders().getLongField("X-Capacity");
+                // Overflow the default response headers size, but don't exceed the max.
+                response.getHeaders().put("X-Large", "A".repeat(2 * capacity));
+            }
+        });
+
+        HttpConfiguration httpConfig = connector.getBean(HttpConnectionFactory.class).getHttpConfiguration();
+        RetainableByteBuffer buffer = server.getByteBufferPool().acquire(httpConfig.getResponseHeaderSize(), false);
+        int capacity = buffer.capacity();
+        buffer.release();
+        httpConfig.setMaxResponseHeaderSize(3 * capacity);
+        client.setMaxResponseHeadersSize(3 * capacity);
+
+        ContentResponse response = client.newRequest("localhost", connector.getLocalPort())
+            .scheme(scenario.getScheme())
+            .headers(h -> h.put("X-Capacity", capacity))
+            .timeout(5, TimeUnit.SECONDS)
+            .send();
+
+        assertEquals(HttpStatus.OK_200, response.getStatus());
+    }
+
+    @ParameterizedTest
+    @ArgumentsSource(ScenarioProvider.class)
+    public void testMaxRequestHeadersSize(Scenario scenario) throws Exception
+    {
+        start(scenario, new EmptyServerHandler());
+
+        RetainableByteBuffer buffer = client.getByteBufferPool().acquire(client.getRequestBufferSize(), false);
+        int capacity = buffer.capacity();
+        buffer.release();
+        client.setMaxRequestHeadersSize(2 * capacity);
+        connector.getBean(HttpConnectionFactory.class).getHttpConfiguration().setRequestHeaderSize(4 * capacity);
+
+        assertThrows(ExecutionException.class, () -> client.newRequest("localhost", connector.getLocalPort())
+            .scheme(scenario.getScheme())
+            // Overflow the max request headers size.
+            .agent("A".repeat(3 * capacity))
+            .timeout(5, TimeUnit.SECONDS)
+            .send());
+    }
+
+    @ParameterizedTest
+    @ArgumentsSource(ScenarioProvider.class)
+    public void testMaxResponseHeadersSize(Scenario scenario) throws Exception
+    {
+        start(scenario, new EmptyServerHandler()
+        {
+            @Override
+            protected void service(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response) throws Throwable
+            {
+                int capacity = (int)request.getHeaders().getLongField("X-Capacity");
+                // Overflow the max request headers size, should generate a 500.
+                response.getHeaders().put("X-Large", "A".repeat(3 * capacity));
+            }
+        });
+
+        HttpConfiguration httpConfig = connector.getBean(HttpConnectionFactory.class).getHttpConfiguration();
+        RetainableByteBuffer buffer = server.getByteBufferPool().acquire(httpConfig.getResponseHeaderSize(), false);
+        int capacity = buffer.capacity();
+        buffer.release();
+        httpConfig.setMaxResponseHeaderSize(2 * capacity);
+        client.setMaxResponseHeadersSize(4 * capacity);
+
+        assertThrows(ExecutionException.class, () -> client.newRequest("localhost", connector.getLocalPort())
+            .scheme(scenario.getScheme())
+            .headers(h -> h.put("X-Capacity", capacity))
+            .timeout(5, TimeUnit.SECONDS)
+            .send());
+    }
+
     private void assertCopyRequest(Request original)
     {
         Request copy = client.copyRequest(original, original.getURI());

jetty-core/jetty-http2/jetty-http2-client-transport/src/main/java/org/eclipse/jetty/http2/client/transport/HttpClientTransportOverHTTP2.java

@@ -103,7 +103,7 @@ static void configure(HttpClient httpClient, HTTP2Client http2Client)
         http2Client.setUseOutputDirectByteBuffers(httpClient.isUseOutputDirectByteBuffers());
         http2Client.setConnectBlocking(httpClient.isConnectBlocking());
         http2Client.setBindAddress(httpClient.getBindAddress());
-        http2Client.setMaxRequestHeadersSize(httpClient.getRequestBufferSize());
+        http2Client.setMaxRequestHeadersSize(httpClient.getMaxRequestHeadersSize());
         http2Client.setMaxResponseHeadersSize(httpClient.getMaxResponseHeadersSize());
     }
 

jetty-core/jetty-http2/jetty-http2-server/src/main/java/org/eclipse/jetty/http2/server/AbstractHTTP2ServerConnectionFactory.java

@@ -306,7 +306,7 @@ public Connection newConnection(Connector connector, EndPoint endPoint)
         ServerSessionListener listener = newSessionListener(connector, endPoint);
 
         Generator generator = new Generator(connector.getByteBufferPool(), isUseOutputDirectByteBuffers(), getMaxHeaderBlockFragment());
-        generator.getHpackEncoder().setMaxHeaderListSize(getHttpConfiguration().getResponseHeaderSize());
+        generator.getHpackEncoder().setMaxHeaderListSize(getHttpConfiguration().getMaxResponseHeaderSize());
 
         FlowControlStrategy flowControl = getFlowControlStrategyFactory().newFlowControlStrategy();
 

jetty-core/jetty-http2/jetty-http2-tests/src/test/java/org/eclipse/jetty/http2/tests/HttpClientTransportOverHTTP2Test.java

@@ -144,7 +144,7 @@ private void testPropertiesAreForwarded(HTTP2Client http2Client, HttpClientTrans
             assertEquals(httpClient.getIdleTimeout(), http2Client.getIdleTimeout());
             assertEquals(httpClient.isUseInputDirectByteBuffers(), http2Client.isUseInputDirectByteBuffers());
             assertEquals(httpClient.isUseOutputDirectByteBuffers(), http2Client.isUseOutputDirectByteBuffers());
-            assertEquals(httpClient.getRequestBufferSize(), http2Client.getMaxRequestHeadersSize());
+            assertEquals(httpClient.getMaxRequestHeadersSize(), http2Client.getMaxRequestHeadersSize());
             assertEquals(httpClient.getMaxResponseHeadersSize(), http2Client.getMaxResponseHeadersSize());
         }
         assertTrue(http2Client.isStopped());

jetty-core/jetty-http3/jetty-http3-client-transport/src/main/java/org/eclipse/jetty/http3/client/transport/HttpClientTransportOverHTTP3.java

@@ -84,6 +84,7 @@ static void configure(HttpClient httpClient, HTTP3Client http3Client)
         configuration.setInputBufferSize(httpClient.getResponseBufferSize());
         configuration.setUseInputDirectByteBuffers(httpClient.isUseInputDirectByteBuffers());
         configuration.setUseOutputDirectByteBuffers(httpClient.isUseOutputDirectByteBuffers());
+        configuration.setMaxRequestHeadersSize(httpClient.getMaxRequestHeadersSize());
         configuration.setMaxResponseHeadersSize(httpClient.getMaxResponseHeadersSize());
     }
 

jetty-core/jetty-http3/jetty-http3-server/src/main/java/org/eclipse/jetty/http3/server/AbstractHTTP3ServerConnectionFactory.java

@@ -53,7 +53,7 @@ public AbstractHTTP3ServerConnectionFactory(ServerQuicConfiguration quicConfigur
         http3Configuration.setUseInputDirectByteBuffers(httpConfiguration.isUseInputDirectByteBuffers());
         http3Configuration.setUseOutputDirectByteBuffers(httpConfiguration.isUseOutputDirectByteBuffers());
         http3Configuration.setMaxRequestHeadersSize(httpConfiguration.getRequestHeaderSize());
-        http3Configuration.setMaxResponseHeadersSize(httpConfiguration.getResponseHeaderSize());
+        http3Configuration.setMaxResponseHeadersSize(httpConfiguration.getMaxResponseHeaderSize());
     }
 
     public ServerQuicConfiguration getQuicConfiguration()

jetty-core/jetty-http3/jetty-http3-tests/src/test/java/org/eclipse/jetty/http3/tests/HttpClientTransportOverHTTP3Test.java

@@ -92,6 +92,7 @@ private void testPropertiesAreForwarded(HTTP3Client http3Client, HttpClientTrans
             HTTP3Configuration http3Configuration = http3Client.getHTTP3Configuration();
             assertEquals(httpClient.isUseInputDirectByteBuffers(), http3Configuration.isUseInputDirectByteBuffers());
             assertEquals(httpClient.isUseOutputDirectByteBuffers(), http3Configuration.isUseOutputDirectByteBuffers());
+            assertEquals(httpClient.getMaxRequestHeadersSize(), http3Configuration.getMaxRequestHeadersSize());
             assertEquals(httpClient.getMaxResponseHeadersSize(), http3Configuration.getMaxResponseHeadersSize());
         }
         assertTrue(http3Client.isStopped());

jetty-core/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ReverseProxyTest.java

@@ -147,6 +147,7 @@ public void testServerResponseHeadersTooLargeForServerConfiguration(HttpVersion
 
         int maxResponseHeadersSize = 256;
         serverHttpConfig.setResponseHeaderSize(maxResponseHeadersSize);
+        serverHttpConfig.setMaxResponseHeaderSize(maxResponseHeadersSize);
         startServer(new Handler.Abstract()
         {
             @Override
@@ -283,6 +284,7 @@ public boolean handle(Request request, Response response, Callback callback)
 
         CountDownLatch proxyToClientFailureLatch = new CountDownLatch(1);
         proxyHttpConfig.setResponseHeaderSize(maxResponseHeadersSize);
+        proxyHttpConfig.setMaxResponseHeaderSize(maxResponseHeadersSize);
         startProxy(new ProxyHandler.Reverse(clientToProxyRequest ->
             HttpURI.build(clientToProxyRequest.getHttpURI()).port(serverConnector.getLocalPort()))
         {

jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/HttpConfiguration.java

@@ -62,6 +62,7 @@ public class HttpConfiguration implements Dumpable
     private int _outputAggregationSize = _outputBufferSize / 4;
     private int _requestHeaderSize = 8 * 1024;
     private int _responseHeaderSize = 8 * 1024;
+    private int _maxResponseHeaderSize = 16 * 1024;
     private int _headerCacheSize = 1024;
     private boolean _headerCacheCaseSensitive = false;
     private int _securePort;
@@ -137,6 +138,7 @@ public HttpConfiguration(HttpConfiguration config)
         _outputAggregationSize = config._outputAggregationSize;
         _requestHeaderSize = config._requestHeaderSize;
         _responseHeaderSize = config._responseHeaderSize;
+        _maxResponseHeaderSize = config._maxResponseHeaderSize;
         _headerCacheSize = config._headerCacheSize;
         _headerCacheCaseSensitive = config._headerCacheCaseSensitive;
         _secureScheme = config._secureScheme;
@@ -217,12 +219,18 @@ public int getRequestHeaderSize()
         return _requestHeaderSize;
     }
 
-    @ManagedAttribute("The maximum allowed size in bytes for an HTTP response header")
+    @ManagedAttribute("The default size in bytes for the HTTP response headers buffer")
     public int getResponseHeaderSize()
     {
         return _responseHeaderSize;
     }
 
+    @ManagedAttribute("The maximum size in bytes for the HTTP response headers buffer")
+    public int getMaxResponseHeaderSize()
+    {
+        return _maxResponseHeaderSize;
+    }
+
     @ManagedAttribute("The maximum allowed size in Trie nodes for an HTTP header field cache")
     public int getHeaderCacheSize()
     {
@@ -442,13 +450,24 @@ public void setRequestHeaderSize(int requestHeaderSize)
      * <p>Larger headers will allow for more and/or larger cookies and longer HTTP headers (eg for redirection).
      * However, larger headers will also consume more memory.</p>
      *
-     * @param responseHeaderSize the maximum size in bytes of the response header
+     * @param responseHeaderSize the default size in bytes of the response headers buffer
      */
     public void setResponseHeaderSize(int responseHeaderSize)
     {
         _responseHeaderSize = responseHeaderSize;
     }
 
+    /**
+     * <p>Larger headers will allow for more and/or larger cookies and longer HTTP headers (eg for redirection).
+     * However, larger headers will also consume more memory.</p>
+     *
+     * @param maxResponseHeaderSize the maximum size in bytes of the response headers buffer
+     */
+    public void setMaxResponseHeaderSize(int maxResponseHeaderSize)
+    {
+        _maxResponseHeaderSize = maxResponseHeaderSize;
+    }
+
     /**
      * @param headerCacheSize The size of the header field cache, in terms of unique characters branches
      * in the lookup {@link Index.Mutable} and associated data structures.
@@ -839,6 +858,7 @@ public void dump(Appendable out, String indent) throws IOException
             "outputAggregationSize=" + _outputAggregationSize,
             "requestHeaderSize=" + _requestHeaderSize,
             "responseHeaderSize=" + _responseHeaderSize,
+            "maxResponseHeaderSize=" + _maxResponseHeaderSize,
             "headerCacheSize=" + _headerCacheSize,
             "headerCacheCaseSensitive=" + _headerCacheCaseSensitive,
             "secureScheme=" + _secureScheme,