Mitigate decompression bombs DoS by Cycloctane · Pull Request #7964 · mitmproxy/mitmproxy
Description
mitmproxy does not limit the size and memory consumption when decoding HTTP message bodies. Clients or servers can easily crash mitmproxy by sending a single request/response with highly compressed data via the proxy.
This PR makes mitmproxy use the body_size_limit option to limit the decompressed body size of incoming HTTP messages, protecting it from zip bomb DoS attacks.
HTTP body decoding now raises ValueError (decoding fails) if the decompressed data length exceeds body_size_limit.
Checklist
- I have updated tests where applicable.
- I have added an entry to the CHANGELOG.
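A bounded decoder of the kind this PR describes, added here as an illustration and not mitmproxy's own code: inflation is streamed and aborted with ValueError as soon as the output crosses the limit, so a few KiB of input can never expand into gigabytes in memory. The limit constant, chunk size and helper names are assumptions for the example.

```python
import gzip
import zlib

# Assumed limit for this example; mitmproxy takes it from the body_size_limit
# option, whose real value is not fixed here (constructed demo setting).
DEMO_BODY_SIZE_LIMIT = 1024 * 1024  # 1 MiB of decompressed data
CHUNK = 64 * 1024                   # inflate at most this much per step


def decode_bounded(data: bytes, limit: int = DEMO_BODY_SIZE_LIMIT) -> bytes:
    """Inflate gzip or zlib data without ever holding more than `limit` bytes.

    Using max_length on the decompressor means the check runs while output is
    produced, not after an unbounded zlib.decompress() has already allocated it.
    """
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)  # autodetect gzip/zlib
    out = bytearray()
    pending = data
    while not inflater.eof:
        chunk = inflater.decompress(pending, CHUNK)
        out += chunk
        if len(out) > limit:
            raise ValueError(f"decompressed body exceeds limit of {limit} bytes")
        pending = inflater.unconsumed_tail  # input not yet consumed by zlib
        if not chunk and not pending:
            break  # no input left and nothing more produced: truncated stream
    return bytes(out)


def make_compressible_body(size: int) -> bytes:
    """Constructed sample: `size` zero bytes gzipped (ratio roughly 1000:1)."""
    return gzip.compress(b"\0" * size)


def demo() -> dict:
    """Run a normal body and an over-limit body through decode_bounded."""
    small = make_compressible_body(100 * 1024)        # 100 KiB, under the limit
    bomb = make_compressible_body(16 * 1024 * 1024)   # 16 MiB from ~16 KiB of input
    result = {
        "small_ok": decode_bounded(small) == b"\0" * (100 * 1024),
        "bomb_input_bytes": len(bomb),
    }
    try:
        decode_bounded(bomb)
        result["bomb_rejected"] = False
    except ValueError:
        result["bomb_rejected"] = True
    return result
```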