性能问题 on 办公AI智能小助手 https://blog.qife122.com/tags/%E6%80%A7%E8%83%BD%E9%97%AE%E9%A2%98/ Recent content in 性能问题 on 办公AI智能小助手 Hugo zh-cn qife Sat, 13 Sep 2025 02:15:46 +0800 curl_easy_header 函数存在 O(N) 复杂度问题,可被恶意利用消耗大量 CPU 时间 https://blog.qife122.com/p/curl_easy_header-%E5%87%BD%E6%95%B0%E5%AD%98%E5%9C%A8-on-%E5%A4%8D%E6%9D%82%E5%BA%A6%E9%97%AE%E9%A2%98%E5%8F%AF%E8%A2%AB%E6%81%B6%E6%84%8F%E5%88%A9%E7%94%A8%E6%B6%88%E8%80%97%E5%A4%A7%E9%87%8F-cpu-%E6%97%B6%E9%97%B4/ Sat, 13 Sep 2025 02:15:46 +0800 https://blog.qife122.com/p/curl_easy_header-%E5%87%BD%E6%95%B0%E5%AD%98%E5%9C%A8-on-%E5%A4%8D%E6%9D%82%E5%BA%A6%E9%97%AE%E9%A2%98%E5%8F%AF%E8%A2%AB%E6%81%B6%E6%84%8F%E5%88%A9%E7%94%A8%E6%B6%88%E8%80%97%E5%A4%A7%E9%87%8F-cpu-%E6%97%B6%E9%97%B4/ <h1 id="curl_easy_header-运行复杂度为-on-或更差可被滥用消耗数分钟-cpu-时间">curl_easy_header 运行复杂度为 O(N) 或更差,可被滥用消耗数分钟 CPU 时间</h1> <h2 id="摘要">摘要</h2> <p>curl_easy_header 的实现可被恶意服务器滥用,该服务器将所有头信息置于单一键下。例如服务器响应如下:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-http" data-lang="http"><span class="line"><span class="cl"><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> </span></span><span class="line"><span class="cl"><span class="err">a:</span> </span></span><span class="line"><span class="cl"><span class="g">a: </span></span></span><span class="line"><span class="cl"><span class="g">a: </span></span></span><span class="line"><span class="cl"><span class="g">a: </span></span></span><span class="line"><span class="cl"><span class="g">[重复直到达到 MAX_HTTP_RESP_HEADER_SIZE 字节] </span></span></span></code></pre></td></tr></table> </div> </div><p>作为开发者,如果您想遍历头信息,通常会这样做(取自 tests/libtest/lib1940.c):</p> curl_easy_header 函数存在 O(N) 复杂度漏洞,可被恶意利用消耗大量 CPU 时间 https://blog.qife122.com/p/curl_easy_header-%E5%87%BD%E6%95%B0%E5%AD%98%E5%9C%A8-on-%E5%A4%8D%E6%9D%82%E5%BA%A6%E6%BC%8F%E6%B4%9E%E5%8F%AF%E8%A2%AB%E6%81%B6%E6%84%8F%E5%88%A9%E7%94%A8%E6%B6%88%E8%80%97%E5%A4%A7%E9%87%8F-cpu-%E6%97%B6%E9%97%B4/ Fri, 12 Sep 2025 21:01:46 +0800 https://blog.qife122.com/p/curl_easy_header-%E5%87%BD%E6%95%B0%E5%AD%98%E5%9C%A8-on-%E5%A4%8D%E6%9D%82%E5%BA%A6%E6%BC%8F%E6%B4%9E%E5%8F%AF%E8%A2%AB%E6%81%B6%E6%84%8F%E5%88%A9%E7%94%A8%E6%B6%88%E8%80%97%E5%A4%A7%E9%87%8F-cpu-%E6%97%B6%E9%97%B4/ <h1 id="curl_easy_header-函数存在-on-复杂度漏洞可被恶意利用消耗大量-cpu-时间">curl_easy_header 函数存在 O(N) 复杂度漏洞,可被恶意利用消耗大量 CPU 时间</h1> <h2 id="摘要">摘要</h2> <p>curl_easy_header 函数的实现存在性能问题,恶意服务器可通过将所有头部数据置于单一键下进行滥用。例如,服务器响应可能如下:</p>