Summary
Large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy, and it will impact TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN
Details
It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference.
PoC
e.g., slow clients send large enough requests and then close the connection to Envoy TCP proxy.
Impact
DoS and crash.
Summary
Large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy, and it will impact TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN
Details
It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference.
PoC
e.g., slow clients send large enough requests and then close the connection to Envoy TCP proxy.
Impact
DoS and crash.