
gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
authorVladimir Shushlin <vshushlin@gitlab.com>2022-03-18 18:25:01 +0300
committerVladimir Shushlin <vshushlin@gitlab.com>2022-03-18 18:25:01 +0300
commit82caa930855fcabe9e78f0cb5f3694fa48f0a456 (patch)
tree20eaab90243c41a8e8ba605a3480601e3cbe70cd
parent52274ef4ef1e5abbfd61d3d22e306b21f27fabc4 (diff)
parentfc5a652574d0eef03c776a70f3c0678158bc1dbd (diff)
Merge branch 'security-fix-weak-timeouts-1-56' into '1-56-stable'
Fix weak timeouts See merge request gitlab-org/security/gitlab-pages!19
-rw-r--r--internal/config/config.go14
-rw-r--r--internal/config/flags.go6
-rw-r--r--server.go7
3 files changed, 25 insertions, 2 deletions
diff --git a/internal/config/config.go b/internal/config/config.go
index 7644e5ad..a1fca236 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -20,6 +20,7 @@ type Config struct {
GitLab GitLab
Log Log
Sentry Sentry
+ Server Server
TLS TLS
Zip ZipServing
@@ -137,6 +138,13 @@ type ZipServing struct {
AllowedPaths []string
}
+type Server struct {
+ ReadTimeout time.Duration
+ ReadHeaderTimeout time.Duration
+ WriteTimeout time.Duration
+ ListenKeepAlive time.Duration
+}
+
func internalGitlabServerFromFlags() string {
if *internalGitLabServer != "" {
return *internalGitLabServer
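Review bot: The new `Server` type has no doc comment, and `ListenKeepAlive` sits beside three HTTP-level timeouts although it is a TCP keep-alive period for the listener rather than an HTTP setting. A comment such as `// Server holds the net/http server timeouts and the listener's TCP keep-alive period.` above the type, plus `// TCP keep-alive period passed to net.ListenConfig; not an HTTP idle timeout.` on the `ListenKeepAlive` field, would keep readers from treating it as an idle-connection limit. The `internalGitlabServerFromFlags` lines that close the hunk are unchanged context, and that function continues outside it.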
@@ -241,6 +249,12 @@ func loadConfig() (*Config, error) {
OpenTimeout: *zipOpenTimeout,
AllowedPaths: []string{*pagesRoot},
},
+ Server: Server{
+ ReadTimeout: *serverReadTimeout,
+ ReadHeaderTimeout: *serverReadHeaderTimeout,
+ WriteTimeout: *serverWriteTimeout,
+ ListenKeepAlive: *serverKeepAlive,
+ },
// Actual listener pointers will be populated in appMain. We populate the
// raw strings here so that they are available in appMain
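Review bot: The four flag values are copied into `Server` unchecked, and per the flag help text a zero or negative duration disables the corresponding timeout, so one mis-set flag silently restores the unbounded reads and writes this change is closing. Consider logging a startup warning, or rejecting the configuration, when `ReadHeaderTimeout`, `ReadTimeout` or `WriteTimeout` is `<= 0`, so that running without a timeout is an explicit and visible choice. `loadConfig` begins and ends outside this hunk, so validation elsewhere in the function cannot be ruled out from here.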
diff --git a/internal/config/flags.go b/internal/config/flags.go
index 091e07e3..25a526f6 100644
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@@ -81,6 +81,12 @@ var (
zipCacheRefresh = flag.Duration("zip-cache-refresh", 30*time.Second, "Zip serving archive cache refresh interval")
zipOpenTimeout = flag.Duration("zip-open-timeout", 30*time.Second, "Zip archive open timeout")
+ // HTTP server timeouts
+ serverReadTimeout = flag.Duration("server-read-timeout", 5*time.Second, "ReadTimeout is the maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout.")
+ serverReadHeaderTimeout = flag.Duration("server-read-header-timeout", time.Second, "ReadHeaderTimeout is the amount of time allowed to read request headers. A zero or negative value means there will be no timeout.")
+ serverWriteTimeout = flag.Duration("server-write-timeout", 30*time.Second, "WriteTimeout is the maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout.")
+ serverKeepAlive = flag.Duration("server-keep-alive", 15*time.Second, "KeepAlive specifies the keep-alive period for network connections accepted by this listener. If zero, keep-alives are enabled if supported by the protocol and operating system. If negative, keep-alives are disabled.")
+
disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests")
showVersion = flag.Bool("version", false, "Show version")
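Review bot: `server-read-timeout` and `server-write-timeout` bound the whole request body and the whole response, not the idle time between reads or writes, so the 5s and 30s defaults also cap how long a legitimate transfer may take; a large file sent to a slow client would be cut off at 30s. The help strings should state that trade-off, for example by appending `Responses that take longer than this to send are aborted.` to the write-timeout text. Separately, the `server-keep-alive` default of 15s replaces the 3-minute value that server.go hard-coded before this commit, and the flag name reads like HTTP keep-alive; opening its description with `TCP keep-alive period ...` would make both the meaning and the behaviour change clearer.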
diff --git a/server.go b/server.go
index b5aecc37..9a647864 100644
--- a/server.go
+++ b/server.go
@@ -7,7 +7,6 @@ import (
stdlog "log"
"net"
"net/http"
- "time"
"github.com/pires/go-proxyproto"
"github.com/sirupsen/logrus"
@@ -40,8 +39,12 @@ func (a *theApp) listenAndServe(server *http.Server, addr string, h http.Handler
server.TLSConfig.NextProtos = append(server.TLSConfig.NextProtos, "h2")
}
+ server.ReadTimeout = a.config.Server.ReadTimeout
+ server.ReadHeaderTimeout = a.config.Server.ReadHeaderTimeout
+ server.WriteTimeout = a.config.Server.WriteTimeout
+
lc := net.ListenConfig{
- KeepAlive: 3 * time.Minute,
+ KeepAlive: a.config.Server.ListenKeepAlive,
}
l, err := lc.Listen(context.Background(), "tcp", addr)
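Review bot: `server.IdleTimeout` is not set alongside the three new assignments, so net/http falls back to `ReadTimeout` for idle keep-alive connections. With the defaults that closes idle connections after 5s, and if an operator sets `server-read-timeout` to 0, idle connections are never reaped. Either document the coupling with `// IdleTimeout is left at zero, so idle keep-alive connections are bounded by ReadTimeout.` or add a dedicated setting for it. `listenAndServe` starts before and continues past this hunk, so an assignment outside the visible lines is possible.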