From 7c3e2fdf96d3125caf6c0398089556eb5501489f Mon Sep 17 00:00:00 2001
From: jrauschenbusch <2499843+jrauschenbusch@users.noreply.github.com>
Date: Thu, 6 Feb 2025 12:41:43 +0100
Subject: [PATCH] fix: potential memory pressure on server side

This fix changes the default configuration of the HTTP/2 transport to advertise an unlimited value to the peer for SETTINGS_MAX_HEADER_LIST_SIZE (0x6). This configuration basically disables sending the setting at all. So the server uses its default settings. As some servers like Jetty allocate buffers in size of this setting, this can lead to memory pressure or even OOM errors when the server is not configured properly. see https://www.ietf.org/archive/id/draft-ietf-httpbis-http2bis-07.html#section-6.5.2-2.11
---
 internal/pkg/http/client.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/internal/pkg/http/client.go b/internal/pkg/http/client.go
index 0c67e98..e93052f 100644
--- a/internal/pkg/http/client.go
+++ b/internal/pkg/http/client.go
@@ -55,7 +55,8 @@ func NewClient(host string, insecure bool, timeoutMilliseconds int, protocol Pro
 switch protocol {
 case HTTP2:
 client.Transport = &http2.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure},
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure},
+ MaxHeaderListSize: 0xffffffff, // avoid sending SETTINGS_MAX_HEADER_LIST_SIZE (0x6) via SETTINGS frame
 }
 case H2C:
 client.Transport = &http2.Transport{
@@ -63,6 +64,7 @@ func NewClient(host string, insecure bool, timeoutMilliseconds int, protocol Pro
 DialTLS: func(network, addr string, cfg *tls.Config) (net.Conn, error) {
 return net.Dial(network, addr)
 },
+ MaxHeaderListSize: 0xffffffff, // avoid sending SETTINGS_MAX_HEADER_LIST_SIZE (0x6) via SETTINGS frame
 }
 default:
 client.Transport = &http.Transport{
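Review bot: The sentinel `MaxHeaderListSize: 0xffffffff` in the HTTP2 case (and again in the H2C case of the next hunk) also removes the bound the client used to announce for response header lists, so the memory risk described in the commit message is partly moved from the server to this client. Whatever cap still applies on the client side then comes from the x/net/http2 framer default rather than from this code, which should be confirmed for the vendored version before relying on it. Because the value is a magic number that the library documents as "no limit", I would define it once, e.g. `const http2NoHeaderListLimit = 0xffffffff // x/net/http2: do not advertise SETTINGS_MAX_HEADER_LIST_SIZE`, and use it in both literals, with the comment stating the trade-off (server buffer sizing versus client exposure to oversized response headers from an untrusted peer). NewClient's body starts and ends outside both hunks.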
@@ -80,7 +82,7 @@ func (c Client) SendRequest(method, path string, headers map[string]string, requ
 if requestBody != nil {
 body = bytes.NewBufferString(*requestBody)
 }
-
+
 url := fmt.Sprintf("%s/%s", c.host, strings.TrimLeft(path, "/"))
 req, err := http.NewRequest(method, url, body)
 if err != nil {
@@ -89,7 +91,7 @@ func (c Client) SendRequest(method, path string, headers map[string]string, requ
 }
 if req.Body != nil {
 defer req.Body.Close()
- }
+ }
 for k, v := range headers {
 if strings.EqualFold(k, "Host") {
 req.Host = v