Mxmilu666/frp
1
1
Fork 1
mirror of https://github.com/fatedier/frp.git synced 2026-04-21 16:39:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate CA cert parsing and add missing ReadHeaderTimeout (#5205)

Browse Source 
- pkg/transport/tls.go: check AppendCertsFromPEM return value and
  return clear error when CA file contains no valid PEM certificates
- pkg/plugin/client/http2http.go: set ReadHeaderTimeout to 60s to
  match other plugins and prevent slow header attacks
- pkg/plugin/client/http2https.go: same ReadHeaderTimeout fix
This commit is contained in:
fatedier
2026-03-06 17:59:41 +08:00
committed by GitHub
parent cb459b02b6
commit c23894f156
3 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/transport/tls.go
View File

@@ -20,6 +20,7 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"math/big"
"os"
"time"
@@ -85,7 +86,9 @@ func newCertPool(caPath string) (*x509.CertPool, error) {
return nil, err
}
pool.AppendCertsFromPEM(caCrt)
if !pool.AppendCertsFromPEM(caCrt) {
return nil, fmt.Errorf("failed to parse CA certificate from file %q: no valid PEM certificates found", caPath)
}
return pool, nil
}