Open
Labels
Type: Bug (Inconsistencies or issues which will cause an issue or problem for users or implementors.)
Description
httpx version:
v1.6.8
Current Behavior:
httpx hangs and the machine becomes OOM when hitting a service that generates an endless stream of data (memory usage keeps growing until crash).
In my case, it is a CHARGEN UDP service running on my internet box (provider: freebox).
nmap detection:
```
nmap -oX /home/osboxes/.secator/reports/default/tasks/18626/.outputs/nmap.xml <REDACTED> -p 8095 --script vulners -Pn -sV -sT
Starting Nmap 7.93 ( https://nmap.org ) at 2024-10-21 19:15 EDT
Nmap scan report for [REDACTED]
Host is up (0.00053s latency).
Other addresses for X (not scanned): <REDACTED>
rDNS record for <REDACTED>
PORT STATE SERVICE VERSION
8095/tcp open chargen xinetd chargen
Service Info: OS: Unix
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 5.27 seconds
```
httpx command:
```
httpx -u <MYHOST>:8095 # hangs, running with -debug OOMs the machine because of the endless stream
```
Note that adding `--timeout 1 --retries 0` will fix the issue, as will restricting the max body size to read (`-rstr 2000`), but it would be preferable to fix without, as it hinders the actual issue.
This is problematic in automatic workflows as any service running a char generator or yielding an endless stream of data will crash the machine the workflow is running on.
Expected Behavior:
httpx should:
- not store the entire response in memory: as the used memory grows with the response body size, it should stream the data directly to a file if possible (it's preferable to use a bit more disk space than memory when running in resource-constrained environments)

OR (harder / possibly not feasible):

- detect that the stream keeps growing and stop after a while.
Steps To Reproduce:
- Run a CHARGEN service: https://www.ncsc.gov.ie/emailsfrom/Shadowserver/DoS/Chargen/
- Hit it with httpx: `httpx -u <MYHOST>:8095`
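
A bounded read in the spirit of the expected behaviour above, as an added Go example (not httpx's code and not from the issue author): it streams to any `io.Writer` (a file, for instance) with a byte cap and a wall-clock budget instead of buffering the whole body. `boundedRead`, `chargenServe` and `probeChargen` are hypothetical names, the endless peer is a constructed in-memory `net.Pipe` stand-in, and the 2000-byte cap mirrors the `-rstr 2000` workaround.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"time"
)

// chargenServe writes an endless character stream to c until the peer
// closes. Constructed stand-in for the CHARGEN service in the report.
func chargenServe(c net.Conn) {
	defer c.Close()
	line := []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\r\n")
	for {
		if _, err := c.Write(line); err != nil {
			return
		}
	}
}

// boundedRead copies at most maxBytes from conn into dst and gives up after
// budget. truncated reports that the peer still had data at the cap.
func boundedRead(dst io.Writer, conn net.Conn, maxBytes int64, budget time.Duration) (n int64, truncated bool, err error) {
	if err = conn.SetReadDeadline(time.Now().Add(budget)); err != nil {
		return 0, false, err
	}
	n, err = io.Copy(dst, io.LimitReader(conn, maxBytes))
	if err != nil || n < maxBytes {
		return n, false, err // short body, EOF, or deadline exceeded
	}
	// Cap reached: probe one byte to tell "exactly maxBytes" from "more pending".
	var probe [1]byte
	m, _ := conn.Read(probe[:])
	return n, m > 0, nil
}

// probeChargen runs boundedRead against the in-memory chargen stand-in.
func probeChargen(maxBytes int64) (int64, bool, error) {
	client, server := net.Pipe()
	defer client.Close()
	go chargenServe(server)
	return boundedRead(io.Discard, client, maxBytes, 2*time.Second)
}

func main() {
	n, truncated, err := probeChargen(2000)
	fmt.Println(n, truncated, err)
}
```

A caller can treat `truncated == true` as a signal to log the target as an unbounded stream and move on, which keeps memory flat regardless of how long the peer keeps sending.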