We found a bug in the hyper HTTP library

(blog.cloudflare.com)

77 points | by Pop_- 4 days ago ago

8 comments

  • edelbitter 4 hours ago

    Cloudflare does not notice (until a customer complains) that they are sending broken responses at scale? I would have thought they would notice this from sampling and linting a few replies.. just in case they did something like Cloudbleed again.

    • ramon156 an hour ago

      Can you get reasonable results without exposing sensitive info? I'm asking because I genuinely have no idea what it's like at their scale

  • worldsavior 38 minutes ago

    > We spent six weeks chasing a nearly invisible bug — a race condition that occurred only under specific conditions — in the hyper library that impacted how the Images binding returned processed image data back to the client. In the end, it took four lines of code to fix it.

    That's a long time, must be frustrating.

  • microgpt 17 minutes ago

    Would using Rust have prevented this?

  • algoth1 an hour ago

    I wonder if this bug was found via project glasswing

  • 100ms 2 hours ago

    > The failure was caused by a timing-dependent race condition in hyper’s HTTP/1 connection handling. When the reader was slower and the socket buffer filled, poll_flush returned Poll::Pending, but the dispatch loop discarded that result. Hyper then treated the response as complete and shut down the socket while data remained buffered internally, causing the client to receive an EOF before the full body arrived.

    https://github.com/hyperium/hyper/issues/4022

    Saved you 3000 words