You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2022/08/09 00:30:21 UTC
[trafficserver] branch master updated: Add content length mismatch check on handling HEADERS frame and CONTINUATION frame (#9012)
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new e92122833 Add content length mismatch check on handling HEADERS frame and CONTINUATION frame (#9012)
e92122833 is described below
commit e92122833c68ec7528dce09ff0db630825ebc348
Author: Masaori Koshiba <ma...@apache.org>
AuthorDate: Tue Aug 9 09:30:16 2022 +0900
Add content length mismatch check on handling HEADERS frame and CONTINUATION frame (#9012)
* Add content length mismatch check on handling HEADERS frame and CONTINUATION frame
* Correct error class of HTTP/2 malformed requests
---
proxy/http2/Http2ConnectionState.cc | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/proxy/http2/Http2ConnectionState.cc b/proxy/http2/Http2ConnectionState.cc
index 4f60d58d1..b0e3a1cd9 100644
--- a/proxy/http2/Http2ConnectionState.cc
+++ b/proxy/http2/Http2ConnectionState.cc
@@ -139,7 +139,7 @@ Http2ConnectionState::rcv_data_frame(const Http2Frame &frame)
return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
}
if (!stream->payload_length_is_valid()) {
- return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
"recv data bad payload length");
}
@@ -384,6 +384,12 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame &frame)
}
}
+ // Check Content-Length & payload length when END_STREAM flag is true
+ if (stream->recv_end_stream && !stream->payload_length_is_valid()) {
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
+ "recv data bad payload length");
+ }
+
// Set up the State Machine
if (!empty_request) {
SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread());
@@ -942,6 +948,12 @@ Http2ConnectionState::rcv_continuation_frame(const Http2Frame &frame)
}
}
+ // Check Content-Length & payload length when END_STREAM flag is true
+ if (stream->recv_end_stream && !stream->payload_length_is_valid()) {
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
+ "recv data bad payload length");
+ }
+
// Set up the State Machine
SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread());
stream->mark_milestone(Http2StreamMilestone::START_TXN);