Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Flooding requests results in memory leak

See original GitHub issue

Hello,

Using the built-in http and https packages causes a memory leak when the server gets flooded with requests from different IPs which eventually crashes the server.

Code

const express = require('express');
const fs = require('fs');
const http = require('http');
const https = require('https');

const app = express();

app.enable('trust proxy');

app.all('*', (req, res) => {
  return res.send({
    message: 'Hello World!'
  });
});

const privateKey = fs.readFileSync('/etc/letsencrypt/live/.../privkey.pem', 'utf8');
const certificate = fs.readFileSync('/etc/letsencrypt/live/.../cert.pem', 'utf8');
const ca = fs.readFileSync('/etc/letsencrypt/live/.../chain.pem', 'utf8');
const credentials = {
    key: privateKey,
    cert: certificate,
    ca: ca
};

const httpServer = http.createServer(app);
const httpsServer = https.createServer(credentials, app);

httpServer.listen(80, () => {
    console.log('HTTP Server running on port 80');
});

httpsServer.listen(443, () => {
    console.log('HTTPS Server running on port 443');
});

Error

(node:14043) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 error listeners added to [TLSSocket]. Use emitter.setMaxListeners() to increase limit

Issue Analytics

State:
Created a year ago
Comments:10 (6 by maintainers)

Top GitHub Comments

1reaction

dougwilsoncommented, Jun 23, 2022

What I have debugged so far in Node.js is that the case seems to be a flaw in the logic of that internal socketOnError function. When it is called, it removes itself from the list of error listeners and then adds a new error listener, noop. It seems that at some point, that listener was thw only way socketOnError was invoked. But you will find in their code there are now multiple places in which socketOnError is invoked, and removing that error listener doesn’t stop them all. Additional invokations for the same socket keep adding that noop listener, and the state at which the warning happens, there are 10 noop listeners on the socket, and the warning happens when the 11th noop listener is added.

0reactions

dougwilsoncommented, Jun 23, 2022

Hm, very strange.I was able to reproduce on both. But in Express.js code, nothinf is adding the error listener that is leaking with the warning. That event listener is being added by Node.js itself, before the request is ever even handed to Express.js. It is unclear how Express.js can fix the issue you have provided, as the code it all within the Node.js code base and not Express.js…

https://github.com/nodejs/node/blob/e339e9c5d71b72fd09e6abd38b10678e0c592ae7/lib/_http_server.js#L749

Top Results From Across the Web

Flooding requests results in memory leak #43548 - GitHub

What steps will reproduce the bug? 1. Run the code below using node without requiring any additional dependencies. const fs = require( ...

CAPEC-131: Resource Leak Exposure (Version 3.8)

Resource leaks most often come in the form of memory leaks where memory ... However, this attack differs from a flooding attack in...

Eradicating Memory Leaks In Javascript - LambdaTest

A Memory leak can be defined as a piece of memory that is no longer being used or required by an application but...

Memory Corruption and Leak - Vulnerabilities - w4rri0r

The most common type of Denial of Service attack involves flooding the target resource with external communication requests. This overload prevents the resource ......

Memory Leak in Python requests - GeeksforGeeks

When a programmer forgets to clear a memory allocated in heap memory, the memory leak occurs. It's a type of resource leak or...