From c38a9d030520a157c19af8d0a7a5a322ed4e6690 Mon Sep 17 00:00:00 2001
From: Michal 'vorner' Vaner
Date: Tue, 2 Feb 2021 18:34:40 +0100
Subject: [PATCH] docs(body): warn about no length check in aggregate (#2415)

The to_bytes and aggregate don't check how long the body is, so the user better be aware. Relates to #2414.
---
 src/body/aggregate.rs | 6 ++++++
 src/body/to_bytes.rs | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/src/body/aggregate.rs b/src/body/aggregate.rs
index 97b6c2d91f..99662419d3 100644
--- a/src/body/aggregate.rs
+++ b/src/body/aggregate.rs
@@ -7,6 +7,12 @@ use crate::common::buf::BufList;
 ///
 /// The returned `impl Buf` groups the `Buf`s from the `HttpBody` without
 /// copying them. This is ideal if you don't require a contiguous buffer.
+///
+/// # Note
+///
+/// Care needs to be taken if the remote is untrusted. The function doesn't implement any length
+/// checks and an malicious peer might make it consume arbitrary amounts of memory. Checking the
+/// `Content-Length` is a possibility, but it is not strictly mandated to be present.
 pub async fn aggregate(body: T) -> Result
 where
 T: HttpBody,
diff --git a/src/body/to_bytes.rs b/src/body/to_bytes.rs
index 7c0765f486..3ec7a7654b 100644
--- a/src/body/to_bytes.rs
+++ b/src/body/to_bytes.rs
@@ -7,6 +7,12 @@ use super::HttpBody;
 /// This may require copying the data into a single buffer. If you don't need
 /// a contiguous buffer, prefer the [`aggregate`](crate::body::aggregate())
 /// function.
+///
+/// # Note
+///
+/// Care needs to be taken if the remote is untrusted. The function doesn't implement any length
+/// checks and an malicious peer might make it consume arbitrary amounts of memory. Checking the
+/// `Content-Length` is a possibility, but it is not strictly mandated to be present.
 pub async fn to_bytes(body: T) -> Result
 where
 T: HttpBody,
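Review bot: The new `# Note` on `aggregate` names the memory-exhaustion risk but gives the caller no usable bound for the case it itself mentions, a body with no `Content-Length` (for example chunked transfer encoding). I would extend the last sentence with something like `/// If no upper bound is known, or it exceeds your limit, reject the body or read it chunk by chunk and stop once a byte cap is exceeded.`, and point at `HttpBody::size_hint().upper()` as the way to read the declared bound before buffering. The wording "an malicious peer" should also read "a malicious peer". The identical note added to `to_bytes` in `src/body/to_bytes.rs` needs the same two changes. Both function bodies continue outside the hunks.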