Skip to content

fix: cap relay tunnel response body size to prevent OOM#28

Merged
cptrodgers merged 1 commit intomainfrom
hn/max-response-body-relay
Mar 30, 2026
Merged

fix: cap relay tunnel response body size to prevent OOM#28
cptrodgers merged 1 commit intomainfrom
hn/max-response-body-relay

Conversation

@cptrodgers
Copy link
Copy Markdown
Owner

@cptrodgers cptrodgers commented Mar 30, 2026

Summary

  • Add max_response_body_size config option to relay (default 10MB)
  • Check base64 response body length before decoding; return 502 if oversized
  • Prevents a malicious/buggy tunnel client from sending arbitrarily large responses through the WebSocket

@cptrodgers cptrodgers merged commit d412c45 into main Mar 30, 2026
1 check passed
@cptrodgers cptrodgers deleted the hn/max-response-body-relay branch March 30, 2026 03:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cptrodgers