You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/06/18 21:50:29 UTC

svn commit: r1686304 - in /tomcat/trunk: java/org/apache/coyote/http2/Http2Parser.java java/org/apache/coyote/http2/LocalStrings.properties test/org/apache/coyote/http2/TestHttp2Section_6_1.java

Author: markt
Date: Thu Jun 18 19:50:29 2015
New Revision: 1686304

URL: http://svn.apache.org/r1686304
Log:
Validate that the padding is not too long

Modified:
    tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java
    tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
    tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java

Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java?rev=1686304&r1=1686303&r2=1686304&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java Thu Jun 18 19:50:29 2015
@@ -141,6 +141,13 @@ class Http2Parser {
             byte[] b = new byte[1];
             input.fill(true, b);
             padLength = b[0] & 0xFF;
+
+            if (padLength >= payloadSize) {
+                throw new ConnectionException(
+                        sm.getString("http2Parser.processFrameData.tooMuchPadding", connectionId,
+                                Integer.toString(streamId), Integer.toString(padLength),
+                                Integer.toString(payloadSize)), Http2Error.PROTOCOL_ERROR);
+            }
             // +1 is for the padding length byte we just read above
             dataLength = payloadSize - (padLength + 1);
         } else {

Modified: tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties?rev=1686304&r1=1686303&r2=1686304&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties Thu Jun 18 19:50:29 2015
@@ -46,6 +46,7 @@ http2Parser.processFrame=Connection [{0}
 http2Parser.processFrame.unexpectedType=Expected frame type [{0}] but received frame type [{1}]
 http2Parser.processFrameContinuation.notExpected=Connection [{0}], Continuation frame received for stream [{1}] when no headers were in progress
 http2Parser.processFrameData.lengths=Connection [{0}], Stream [{1}], Data length, [{2}], Padding length [{3}]
+http2Parser.processFrameData.tooMuchPadding=Connection [{0}], Stream [{1}], The padding length [{2}] was too big for the payload [{3}]
 http2Parser.processFrameGoaway.payloadTooSmall=Connection [{0}]: Goaway payload size was [{1}] which is less than the minimum 8
 http2Parser.processFrameHeaders.decodingFailed=There was an error during the HPACK decoding of HTTP headers
 http2Parser.processFrameHeaders.decodingDataLeft=Data left over after HPACK decoding - it should have been consumed

Modified: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java?rev=1686304&r1=1686303&r2=1686304&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java Thu Jun 18 19:50:29 2015
@@ -116,5 +116,32 @@ public class TestHttp2Section_6_1 extend
         Assert.assertTrue(trace, trace.startsWith("0-Goaway-[1]-[1]-["));
     }
 
+
+    @Test
+    public void testDataFrameTooMuchPadding() throws Exception {
+        http2Connect();
+
+        byte[] dataFrame = new byte[10];
+
+        // Header
+        // length
+        ByteUtil.setThreeBytes(dataFrame, 0, 1);
+        // type 0 (data)
+        // flags 8 (padded)
+        dataFrame[4] = 0x08;
+        // stream 3
+        ByteUtil.set31Bits(dataFrame, 5, 3);
+        // payload (pad length of 1)
+        dataFrame[9] = 1;
+
+        os.write(dataFrame);
+        os.flush();
+
+        parser.readFrame(true);
+
+        String trace = output.getTrace();
+        Assert.assertTrue(trace, trace.startsWith("0-Goaway-[1]-[1]-["));
+    }
+
     // TODO: Remainder if section 6.1 tests
 }



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org