|
| 1 | +From a388b56ed493eeff64fd7aca1333b0974bbd7823 Mon Sep 17 00:00:00 2001 |
| 2 | +From: AllSpark <allspark@microsoft.com> |
| 3 | +Date: Wed, 15 Apr 2026 07:25:48 +0000 |
| 4 | +Subject: [PATCH] vendor(otel): limit response body size for OTLP HTTP exporter |
| 5 | + (backport of #8108) |
| 6 | + |
| 7 | +Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> |
| 8 | +Upstream-reference: https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0.patch |
| 9 | +--- |
| 10 | + .../otlp/otlptrace/otlptracehttp/client.go | 21 +++++++++++++++++-- |
| 11 | + 1 file changed, 19 insertions(+), 2 deletions(-) |
| 12 | + |
| 13 | +diff --git a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go |
| 14 | +index 9fbe861..088551e 100644 |
| 15 | +--- a/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go |
| 16 | ++++ b/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go |
| 17 | +@@ -18,6 +18,7 @@ import ( |
| 18 | + "bytes" |
| 19 | + "compress/gzip" |
| 20 | + "context" |
| 21 | ++ "errors" |
| 22 | + "fmt" |
| 23 | + "io" |
| 24 | + "net" |
| 25 | +@@ -40,6 +41,13 @@ import ( |
| 26 | + |
| 27 | + const contentTypeProto = "application/x-protobuf" |
| 28 | + |
| 29 | ++// maxResponseBodySize is the maximum number of bytes to read from a response |
| 30 | ++// body. It is set to 4 MiB per the OTLP specification recommendation to |
| 31 | ++// mitigate excessive memory usage caused by a misconfigured or malicious |
| 32 | ++// server. If exceeded, the response is treated as a not-retryable error. |
| 33 | ++// This is a variable to allow tests to override it. |
| 34 | ++var maxResponseBodySize int64 = 4 * 1024 * 1024 |
| 35 | ++ |
| 36 | + var gzPool = sync.Pool{ |
| 37 | + New: func() interface{} { |
| 38 | + w := gzip.NewWriter(io.Discard) |
| 39 | +@@ -169,7 +177,11 @@ func (d *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc |
| 40 | + // Success, do not retry. |
| 41 | + // Read the partial success message, if any. |
| 42 | + var respData bytes.Buffer |
| 43 | +- if _, err := io.Copy(&respData, resp.Body); err != nil { |
| 44 | ++ if _, err := io.Copy(&respData, http.MaxBytesReader(nil, resp.Body, maxResponseBodySize)); err != nil { |
| 45 | ++ var maxBytesErr *http.MaxBytesError |
| 46 | ++ if errors.As(err, &maxBytesErr) { |
| 47 | ++ return fmt.Errorf("response body too large: exceeded %d bytes", maxBytesErr.Limit) |
| 48 | ++ } |
| 49 | + return err |
| 50 | + } |
| 51 | + |
| 52 | +@@ -192,7 +204,12 @@ func (d *client) UploadTraces(ctx context.Context, protoSpans []*tracepb.Resourc |
| 53 | + |
| 54 | + case http.StatusTooManyRequests, http.StatusServiceUnavailable: |
| 55 | + // Retry-able failures. Drain the body to reuse the connection. |
| 56 | +- if _, err := io.Copy(io.Discard, resp.Body); err != nil { |
| 57 | ++ var respData bytes.Buffer |
| 58 | ++ if _, err := io.Copy(&respData, http.MaxBytesReader(nil, resp.Body, maxResponseBodySize)); err != nil { |
| 59 | ++ var maxBytesErr *http.MaxBytesError |
| 60 | ++ if errors.As(err, &maxBytesErr) { |
| 61 | ++ return fmt.Errorf("response body too large: exceeded %d bytes", maxBytesErr.Limit) |
| 62 | ++ } |
| 63 | + otel.Handle(err) |
| 64 | + } |
| 65 | + return newResponseError(resp.Header) |
| 66 | +-- |
| 67 | +2.45.4 |
| 68 | + |
0 commit comments