nghttp: Limit incoming header field buffer
This commit is contained in:
Tatsuhiro Tsujikawa
parent
026919b7ea
commit
7a0ab83107
|
|
@ -135,8 +135,8 @@ Request::Request(const std::string &uri, const http_parser_url &u,
|
||||||
const nghttp2_priority_spec &pri_spec, int level)
|
const nghttp2_priority_spec &pri_spec, int level)
|
||||||
: uri(uri), u(u), pri_spec(pri_spec), data_length(data_length),
|
: uri(uri), u(u), pri_spec(pri_spec), data_length(data_length),
|
||||||
data_offset(0), response_len(0), inflater(nullptr), html_parser(nullptr),
|
data_offset(0), response_len(0), inflater(nullptr), html_parser(nullptr),
|
||||||
data_prd(data_prd), stream_id(-1), status(0), level(level),
|
data_prd(data_prd), header_buffer_size(0), stream_id(-1), status(0),
|
||||||
expect_final_response(false) {
|
level(level), expect_final_response(false) {
|
||||||
http2::init_hdidx(res_hdidx);
|
http2::init_hdidx(res_hdidx);
|
||||||
http2::init_hdidx(req_hdidx);
|
http2::init_hdidx(req_hdidx);
|
||||||
}
|
}
|
||||||
|
|
@ -1704,6 +1704,14 @@ int on_header_callback(nghttp2_session *session, const nghttp2_frame *frame,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (req->header_buffer_size + namelen + valuelen > 64_k) {
|
||||||
|
nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, frame->hd.stream_id,
|
||||||
|
NGHTTP2_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
req->header_buffer_size += namelen + valuelen;
|
||||||
|
|
||||||
auto token = http2::lookup_token(name, namelen);
|
auto token = http2::lookup_token(name, namelen);
|
||||||
|
|
||||||
http2::index_header(req->res_hdidx, token, req->res_nva.size());
|
http2::index_header(req->res_hdidx, token, req->res_nva.size());
|
||||||
|
|
@ -1719,6 +1727,15 @@ int on_header_callback(nghttp2_session *session, const nghttp2_frame *frame,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (req->header_buffer_size + namelen + valuelen > 64_k) {
|
||||||
|
nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
|
||||||
|
frame->push_promise.promised_stream_id,
|
||||||
|
NGHTTP2_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
req->header_buffer_size += namelen + valuelen;
|
||||||
|
|
||||||
auto token = http2::lookup_token(name, namelen);
|
auto token = http2::lookup_token(name, namelen);
|
||||||
|
|
||||||
http2::index_header(req->req_hdidx, token, req->req_nva.size());
|
http2::index_header(req->req_hdidx, token, req->req_nva.size());
|
||||||
|
|
@ -1806,6 +1823,10 @@ int on_frame_recv_callback2(nghttp2_session *session,
|
||||||
if (!req) {
|
if (!req) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Reset for response header field reception
|
||||||
|
req->header_buffer_size = 0;
|
||||||
|
|
||||||
auto scheme = req->get_req_header(http2::HD__SCHEME);
|
auto scheme = req->get_req_header(http2::HD__SCHEME);
|
||||||
auto authority = req->get_req_header(http2::HD__AUTHORITY);
|
auto authority = req->get_req_header(http2::HD__AUTHORITY);
|
||||||
auto path = req->get_req_header(http2::HD__PATH);
|
auto path = req->get_req_header(http2::HD__PATH);
|
||||||
|
|
|
||||||
|
|
@ -150,6 +150,7 @@ struct Request {
|
||||||
nghttp2_gzip *inflater;
|
nghttp2_gzip *inflater;
|
||||||
HtmlParser *html_parser;
|
HtmlParser *html_parser;
|
||||||
const nghttp2_data_provider *data_prd;
|
const nghttp2_data_provider *data_prd;
|
||||||
|
size_t header_buffer_size;
|
||||||
int32_t stream_id;
|
int32_t stream_id;
|
||||||
int status;
|
int status;
|
||||||
// Recursion level: 0: first entity, 1: entity linked from first entity
|
// Recursion level: 0: first entity, 1: entity linked from first entity
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue