net.vschannel: chunk large TLS payloads to fix 16KB EncryptMessage crash on Windows#26681
Merged
JalonSolov merged 5 commits intoMar 5, 2026
Conversation
Split request payloads into cbMaximumMessage-sized chunks before EncryptMessage and send each encrypted record fully to avoid large-body crashes in Schannel path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add a reproducible probe script that posts payloads around the 16KB boundary to https://httpbin.org/post and supports before/after expectation modes for regression verification. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes a Windows SChannel bug where sending HTTPS requests with payloads larger than 16 KB caused EncryptMessage to fail (or crash with an access violation), by chunking outbound TLS writes to at most cbMaximumMessage bytes per EncryptMessage call.
Changes:
vschannel.c: Wraps the encrypt-and-send logic in a loop that splits the plaintext into chunks no larger thancbMaximumMessagevschannel_16kb_httpbin_probe.v: Adds a probe tool to verify correct behavior across the 16 KB boundary
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
thirdparty/vschannel/vschannel.c |
Core fix: loops over plaintext in cbMaximumMessage-sized chunks, encrypting and sending each independently |
cmd/tools/vschannel_16kb_httpbin_probe.v |
Regression probe tool that spawns worker subprocesses and validates results against an expected pass/fail mode |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
added 2 commits
March 3, 2026 19:37
- use os.new_process instead of os.execute to avoid shell escaping issues on Windows and separate stdout/stderr capture - add explicit 'none' branch in expected_success_for_mode to make intent clear and guard against future unexpected mode values
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cestef
pushed a commit
to cestef/v
that referenced
this pull request
Mar 9, 2026
…ash on Windows (vlang#26681) * fix(vschannel): chunk large TLS request payloads on Windows Split request payloads into cbMaximumMessage-sized chunks before EncryptMessage and send each encrypted record fully to avoid large-body crashes in Schannel path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test(tools): add vschannel 16kb httpbin probe script Add a reproducible probe script that posts payloads around the 16KB boundary to https://httpbin.org/post and supports before/after expectation modes for regression verification. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * style(tools): vfmt vschannel_16kb_httpbin_probe.v * refactor(tools): apply Copilot suggestions to vschannel probe - use os.new_process instead of os.execute to avoid shell escaping issues on Windows and separate stdout/stderr capture - add explicit 'none' branch in expected_success_for_mode to make intent clear and guard against future unexpected mode values * fix(vschannel): cast send result before DWORD accumulation --------- Co-authored-by: baiyunfeng <baiyunfeng@bailian.ai> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Windows SChannel enforces a maximum message size of 16,384 bytes per
EncryptMessagecall. Before this fix, sending an HTTPS request with a payload larger than 16 KB would:EncryptMessagefailure – returns0x80090329when the input buffer exceedscbMaximumMessage.-1073741819(0xC0000005 ACCESS_VIOLATION).This affects any HTTPS POST/PUT with a large body (file uploads, JSON payloads, etc.) on Windows.
Fix
Query
QueryContextAttributes(SECPKG_ATTR_STREAM_SIZES)forcbMaximumMessageand split the plaintext into chunks of that size (≤ 16,384 bytes) before callingEncryptMessage. Each chunk is encrypted and written to the socket independently.Verification
A new probe tool
cmd/tools/vschannel_16kb_httpbin_probe.vconfirms the fix across the 16 KB boundary againsthttps://httpbin.org/post:c72ad76^)EncryptMessage0x80090329+ crashEncryptMessage0x80090329+ crashRUNTIME ERROR: invalid memory access(exit-1073741819)Reproduce / verify locally:
Changes
vlib/net/vschannel/vschannel.c.v– chunk outbound TLS writes to ≤cbMaximumMessagebytescmd/tools/vschannel_16kb_httpbin_probe.v– probe script for regression testing