From 88953f36a6203058825ca1a11dc79e72146f158a Mon Sep 17 00:00:00 2001
From: Alessandro Ros
Date: Tue, 11 Apr 2023 20:47:19 +0200
Subject: [PATCH] add read deadline to all incoming HTTP requests (#1689)

---
 internal/core/api.go | 7 +++++--
 internal/core/core.go | 14 ++++++++++++--
 internal/core/hls_server.go | 8 +++++---
 internal/core/metrics.go | 8 ++++++--
 internal/core/pprof.go | 8 ++++++--
 internal/core/webrtc_server.go | 8 +++++---
 6 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/internal/core/api.go b/internal/core/api.go
index 1398f455..5512a573 100644
--- a/internal/core/api.go
+++ b/internal/core/api.go
@@ -8,6 +8,7 @@ import (
 "net/http"
 "reflect"
 "sync"
+ "time"

 "github.com/gin-gonic/gin"

@@ -124,6 +125,7 @@ type api struct {

 func newAPI(
 address string,
+ readTimeout conf.StringDuration,
 conf *conf.Conf,
 pathManager apiPathManager,
 rtspServer apiRTSPServer,
@@ -199,8 +201,9 @@ func newAPI(
 }

 a.httpServer = &http.Server{
- Handler: router,
- ErrorLog: log.New(&nilWriter{}, "", 0),
+ Handler: router,
+ ReadHeaderTimeout: time.Duration(readTimeout),
+ ErrorLog: log.New(&nilWriter{}, "", 0),
 }

 go a.httpServer.Serve(ln)
diff --git a/internal/core/core.go b/internal/core/core.go
index 886e3497..806b49c7 100644
--- a/internal/core/core.go
+++ b/internal/core/core.go
@@ -217,6 +217,7 @@ func (p *Core) createResources(initial bool) error {
 if p.metrics == nil {
 p.metrics, err = newMetrics(
 p.conf.MetricsAddress,
+ p.conf.ReadTimeout,
 p,
 )
 if err != nil {
@@ -229,6 +230,7 @@ func (p *Core) createResources(initial bool) error {
 if p.pprof == nil {
 p.pprof, err = newPPROF(
 p.conf.PPROFAddress,
+ p.conf.ReadTimeout,
 p,
 )
 if err != nil {
@@ -402,6 +404,7 @@ func (p *Core) createResources(initial bool) error {
 p.conf.HLSAllowOrigin,
 p.conf.HLSTrustedProxies,
 p.conf.HLSDirectory,
+ p.conf.ReadTimeout,
 p.conf.ReadBufferCount,
 p.pathManager,
 p.metrics,
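Review bot: `ReadHeaderTimeout` in the `http.Server` literal of `newAPI` (api.go, third hunk) bounds only the time allowed to read request headers, so a client that sends its headers promptly and then trickles the body, or simply parks an idle keep-alive connection, can still hold an API connection open; neither `ReadTimeout` nor `IdleTimeout` is set. The same literal is added in the hls_server.go, metrics.go, pprof.go and webrtc_server.go hunks. For the API, metrics and pprof listeners, which do not appear to carry long-lived streams, consider also setting `ReadTimeout: time.Duration(readTimeout),` and an `IdleTimeout`; the HLS and WebRTC listeners may need per-handler limits instead. net/http treats a zero `ReadHeaderTimeout` combined with a zero `ReadTimeout` as no timeout at all, so a configured value of 0 silently disables the protection unless configuration validation rejects it, which is not visible in this patch. newAPI's body starts and ends outside the hunk.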
@@ -425,6 +428,7 @@ func (p *Core) createResources(initial bool) error {
 p.conf.WebRTCAllowOrigin,
 p.conf.WebRTCTrustedProxies,
 p.conf.WebRTCICEServers,
+ p.conf.ReadTimeout,
 p.conf.ReadBufferCount,
 p.pathManager,
 p.metrics,
@@ -443,6 +447,7 @@ func (p *Core) createResources(initial bool) error {
 if p.api == nil {
 p.api, err = newAPI(
 p.conf.APIAddress,
+ p.conf.ReadTimeout,
 p.conf,
 p.pathManager,
 p.rtspServer,
@@ -476,11 +481,13 @@ func (p *Core) closeResources(newConf *conf.Conf, calledByAPI bool) {

 closeMetrics := newConf == nil ||
 newConf.Metrics != p.conf.Metrics ||
- newConf.MetricsAddress != p.conf.MetricsAddress
+ newConf.MetricsAddress != p.conf.MetricsAddress ||
+ newConf.ReadTimeout != p.conf.ReadTimeout

 closePPROF := newConf == nil ||
 newConf.PPROF != p.conf.PPROF ||
- newConf.PPROFAddress != p.conf.PPROFAddress
+ newConf.PPROFAddress != p.conf.PPROFAddress ||
+ newConf.ReadTimeout != p.conf.ReadTimeout

 closePathManager := newConf == nil ||
 newConf.RTSPAddress != p.conf.RTSPAddress ||
@@ -579,6 +586,7 @@ func (p *Core) closeResources(newConf *conf.Conf, calledByAPI bool) {
 newConf.HLSAllowOrigin != p.conf.HLSAllowOrigin ||
 !reflect.DeepEqual(newConf.HLSTrustedProxies, p.conf.HLSTrustedProxies) ||
 newConf.HLSDirectory != p.conf.HLSDirectory ||
+ newConf.ReadTimeout != p.conf.ReadTimeout ||
 newConf.ReadBufferCount != p.conf.ReadBufferCount ||
 closePathManager ||
 closeMetrics
@@ -593,6 +601,7 @@ func (p *Core) closeResources(newConf *conf.Conf, calledByAPI bool) {
 newConf.WebRTCAllowOrigin != p.conf.WebRTCAllowOrigin ||
 !reflect.DeepEqual(newConf.WebRTCTrustedProxies, p.conf.WebRTCTrustedProxies) ||
 !reflect.DeepEqual(newConf.WebRTCICEServers, p.conf.WebRTCICEServers) ||
+ newConf.ReadTimeout != p.conf.ReadTimeout ||
 newConf.ReadBufferCount != p.conf.ReadBufferCount ||
 closeMetrics ||
 closePathManager ||
@@ -603,6 +612,7 @@ func (p *Core) closeResources(newConf *conf.Conf, calledByAPI bool) {
 closeAPI := newConf == nil ||
 newConf.API != p.conf.API ||
 newConf.APIAddress != p.conf.APIAddress ||
+ newConf.ReadTimeout != p.conf.ReadTimeout ||
 closePathManager ||
 closeRTSPServer ||
 closeRTSPSServer ||
diff --git a/internal/core/hls_server.go b/internal/core/hls_server.go
index 9dd4e51a..bafbc83a 100644
--- a/internal/core/hls_server.go
+++ b/internal/core/hls_server.go
@@ -100,6 +100,7 @@ func newHLSServer(
 allowOrigin string,
 trustedProxies conf.IPsOrCIDRs,
 directory string,
+ readTimeout conf.StringDuration,
 readBufferCount int,
 pathManager *pathManager,
 metrics *metrics,
@@ -156,9 +157,10 @@ func newHLSServer(
 router.NoRoute(httpLoggerMiddleware(s), httpServerHeaderMiddleware, s.onRequest)

 s.httpServer = &http.Server{
- Handler: router,
- TLSConfig: tlsConfig,
- ErrorLog: log.New(&nilWriter{}, "", 0),
+ Handler: router,
+ TLSConfig: tlsConfig,
+ ReadHeaderTimeout: time.Duration(readTimeout),
+ ErrorLog: log.New(&nilWriter{}, "", 0),
 }

 s.log(logger.Info, "listener opened on "+address)
diff --git a/internal/core/metrics.go b/internal/core/metrics.go
index ef4dfed3..9319cbed 100644
--- a/internal/core/metrics.go
+++ b/internal/core/metrics.go
@@ -8,9 +8,11 @@ import (
 "net/http"
 "strconv"
 "sync"
+ "time"

 "github.com/gin-gonic/gin"

+ "github.com/aler9/mediamtx/internal/conf"
 "github.com/aler9/mediamtx/internal/logger"
 )

@@ -38,6 +40,7 @@ type metrics struct {

 func newMetrics(
 address string,
+ readTimeout conf.StringDuration,
 parent metricsParent,
 ) (*metrics, error) {
 ln, err := net.Listen(restrictNetwork(restrictNetwork("tcp", address)))
@@ -58,8 +61,9 @@ func newMetrics(
 router.GET("/metrics", mwLog, m.onMetrics)

 m.httpServer = &http.Server{
- Handler: router,
- ErrorLog: log.New(&nilWriter{}, "", 0),
+ Handler: router,
+ ReadHeaderTimeout: time.Duration(readTimeout),
+ ErrorLog: log.New(&nilWriter{}, "", 0),
 }

 m.log(logger.Info, "listener opened on "+address)
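Review bot: The listener line in the context of the `newMetrics` signature hunk (metrics.go, second hunk) wraps the helper twice, `net.Listen(restrictNetwork(restrictNetwork("tcp", address)))`, whereas the pprof.go listener on this page calls it once for the same job. The line predates this commit and is presumably harmless if the helper is idempotent, but the doubled call obscures which network and address the metrics endpoint finally binds to. Since the function is being edited anyway, I would reduce it to `ln, err := net.Listen(restrictNetwork("tcp", address))`. newMetrics continues outside the hunk.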
diff --git a/internal/core/pprof.go b/internal/core/pprof.go
index a58cf895..14ac63f1 100644
--- a/internal/core/pprof.go
+++ b/internal/core/pprof.go
@@ -5,10 +5,12 @@ import (
 "log"
 "net"
 "net/http"
+ "time"

 // start pprof
 _ "net/http/pprof"

+ "github.com/aler9/mediamtx/internal/conf"
 "github.com/aler9/mediamtx/internal/logger"
 )

@@ -25,6 +27,7 @@ type pprof struct {

 func newPPROF(
 address string,
+ readTimeout conf.StringDuration,
 parent pprofParent,
 ) (*pprof, error) {
 ln, err := net.Listen(restrictNetwork("tcp", address))
@@ -38,8 +41,9 @@ func newPPROF(
 }

 pp.httpServer = &http.Server{
- Handler: http.DefaultServeMux,
- ErrorLog: log.New(&nilWriter{}, "", 0),
+ Handler: http.DefaultServeMux,
+ ReadHeaderTimeout: time.Duration(readTimeout),
+ ErrorLog: log.New(&nilWriter{}, "", 0),
 }

 pp.log(logger.Info, "listener opened on "+address)
diff --git a/internal/core/webrtc_server.go b/internal/core/webrtc_server.go
index 2997b558..5ece5eb8 100644
--- a/internal/core/webrtc_server.go
+++ b/internal/core/webrtc_server.go
@@ -109,6 +109,7 @@ func newWebRTCServer(
 allowOrigin string,
 trustedProxies conf.IPsOrCIDRs,
 iceServers []string,
+ readTimeout conf.StringDuration,
 readBufferCount int,
 pathManager *pathManager,
 metrics *metrics,
@@ -190,9 +191,10 @@ func newWebRTCServer(
 router.NoRoute(s.requestPool.mw, httpLoggerMiddleware(s), httpServerHeaderMiddleware, s.onRequest)

 s.httpServer = &http.Server{
- Handler: router,
- TLSConfig: tlsConfig,
- ErrorLog: log.New(&nilWriter{}, "", 0),
+ Handler: router,
+ TLSConfig: tlsConfig,
+ ReadHeaderTimeout: time.Duration(readTimeout),
+ ErrorLog: log.New(&nilWriter{}, "", 0),
 }

 str := "listener opened on " + address + " (HTTP)"
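Review bot: The pprof server in the last pprof.go hunk still serves `Handler: http.DefaultServeMux`, so this listener exposes every handler that any imported package registers on the global mux, and nothing in the hunk shows authentication in front of the profiling endpoints; the added header timeout does not change that exposure. Consider building a dedicated `http.NewServeMux()` in `newPPROF` and registering only the `net/http/pprof` handlers on it explicitly, instead of relying on the blank import's side effect. A short comment on `newPPROF` stating that `PPROFAddress` is expected to be bound to loopback or a management network would also help operators. The handler line predates this commit, and newPPROF starts and ends outside the hunk.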