github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

apiserver: fix timeout handler

Browse Source 
Protect access of the original writer. Panics if anything has wrote
into the original writer or the writer is hijacked when times out.
This commit is contained in:
Xiang Li
2016-07-25 20:43:47 -07:00
parent b39cde37c9
commit c995050ee3
2 changed files with 63 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/genericapiserver/genericapiserver.go
View File

@@ -633,10 +633,10 @@ func (s *GenericAPIServer) Run(options *options.ServerRunOptions) {
}
if secureLocation != "" {
handler := apiserver.TimeoutHandler(s.Handler, longRunningTimeout)
handler := apiserver.TimeoutHandler(apiserver.RecoverPanics(s.Handler), longRunningTimeout)
secureServer := &http.Server{
Addr: secureLocation,
Handler: apiserver.MaxInFlightLimit(sem, longRunningRequestCheck, apiserver.RecoverPanics(handler)),
Handler: apiserver.MaxInFlightLimit(sem, longRunningRequestCheck, handler),
MaxHeaderBytes: 1 << 20,
TLSConfig: &tls.Config{
// Can't use SSLv3 because of POODLE and BEAST
@@ -696,10 +696,10 @@ func (s *GenericAPIServer) Run(options *options.ServerRunOptions) {
}
}
handler := apiserver.TimeoutHandler(s.InsecureHandler, longRunningTimeout)
handler := apiserver.TimeoutHandler(apiserver.RecoverPanics(s.InsecureHandler), longRunningTimeout)
http := &http.Server{
Addr: insecureLocation,
Handler: apiserver.RecoverPanics(handler),
Handler: handler,
MaxHeaderBytes: 1 << 20,
}