|
| 1 | +From e20101e55c266784ee85ae43bb03f11aa4aca33f Mon Sep 17 00:00:00 2001 |
| 2 | +From: AllSpark <allspark@microsoft.com> |
| 3 | +Date: Mon, 20 Apr 2026 06:05:54 +0000 |
| 4 | +Subject: [PATCH] vendor(otel): limit response body size for OTLP HTTP exporter |
| 5 | + (backport of #8108) |
| 6 | + |
| 7 | +Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> |
| 8 | +Upstream-reference: AI Backport of https://raw.githubusercontent.com/microsoft/azurelinux/refs/heads/3.0-dev/SPECS/moby-engine/CVE-2026-39882.patch |
| 9 | +--- |
| 10 | + .../otlp/otlptrace/otlptracehttp/client.go | 21 +++++++++++++++++-- |
| 11 | + 1 file changed, 19 insertions(+), 2 deletions(-) |
| 12 | + |
| 13 | +diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go |
| 14 | +index 3b5f383..08f7331 100644 |
| 15 | +--- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go |
| 16 | ++++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go |
| 17 | +@@ -41,6 +41,14 @@ import ( |
| 18 | + |
| 19 | + const contentTypeProto = "application/x-protobuf" |
| 20 | + |
| 21 | ++// maxResponseBodySize is the maximum number of bytes to read from a response |
| 22 | ++// body. It is set to 4 MiB per the OTLP specification recommendation to |
| 23 | ++// mitigate excessive memory usage caused by a misconfigured or malicious |
| 24 | ++// server. If exceeded, the response is treated as a not-retryable error. |
| 25 | ++// This is a variable to allow tests to override it. |
| 26 | ++var maxResponseBodySize int64 = 4 * 1024 * 1024 |
| 27 | ++ |
| 28 | ++ |
| 29 | + var gzPool = sync.Pool{ |
| 30 | + New: func() interface{} { |
| 31 | + w := gzip.NewWriter(io.Discard) |
| 32 | +@@ -174,7 +182,11 @@ func (d *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc |
| 33 | + // Success, do not retry. |
| 34 | + // Read the partial success message, if any. |
| 35 | + var respData bytes.Buffer |
| 36 | +- if _, err := io.Copy(&respData, resp.Body); err != nil { |
| 37 | ++ if _, err := io.Copy(&respData, http.MaxBytesReader(nil, resp.Body, maxResponseBodySize)); err != nil { |
| 38 | ++ var maxBytesErr *http.MaxBytesError |
| 39 | ++ if errors.As(err, &maxBytesErr) { |
| 40 | ++ return fmt.Errorf("response body too large: exceeded %d bytes", maxBytesErr.Limit) |
| 41 | ++ } |
| 42 | + return err |
| 43 | + } |
| 44 | + if respData.Len() == 0 { |
| 45 | +@@ -203,7 +215,12 @@ func (d *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc |
| 46 | + sc == http.StatusServiceUnavailable, |
| 47 | + sc == http.StatusGatewayTimeout: |
| 48 | + // Retry-able failures. Drain the body to reuse the connection. |
| 49 | +- if _, err := io.Copy(io.Discard, resp.Body); err != nil { |
| 50 | ++ var respData bytes.Buffer |
| 51 | ++ if _, err := io.Copy(&respData, http.MaxBytesReader(nil, resp.Body, maxResponseBodySize)); err != nil { |
| 52 | ++ var maxBytesErr *http.MaxBytesError |
| 53 | ++ if errors.As(err, &maxBytesErr) { |
| 54 | ++ return fmt.Errorf("response body too large: exceeded %d bytes", maxBytesErr.Limit) |
| 55 | ++ } |
| 56 | + otel.Handle(err) |
| 57 | + } |
| 58 | + return newResponseError(resp.Header) |
| 59 | +-- |
| 60 | +2.45.4 |
| 61 | + |
0 commit comments