walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Harden check for submit functions 

nghttp2_submit_{headers,request}: Return NGHTTP2_ERR_INVAILD_ARGUMENT
if pri_spec->type is invalid.

nghttp2_submit_push_promise: Return NGHTTP2_ERR_PROTO if issued by
client.

nghttp2_submit_altsvc: Return NGHTTP2_ERR_PROTO instead of
NGHTTP2_ERR_INVALID_STATE if issued by client.
This commit is contained in:
Tatsuhiro Tsujikawa 2014-04-09 00:13:11 +09:00
parent 8658163aac
commit 9b3d5a8be5
2 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/nghttp2_submit.c
View File

@ -129,12 +129,15 @@ static int nghttp2_submit_headers_shared_nva
NGHTTP2_PRIORITY_TYPE_NONE NGHTTP2_PRIORITY_TYPE_NONE
}; };
rv = nghttp2_nv_array_copy(&nva_copy, nva, nvlen);
if(rv < 0) {
return rv;
}
if(pri_spec) { if(pri_spec) {
switch(pri_spec->pri_type) {
case NGHTTP2_PRIORITY_TYPE_GROUP:
case NGHTTP2_PRIORITY_TYPE_DEP:
break;
default:
return NGHTTP2_ERR_INVALID_ARGUMENT;
}
copy_pri_spec = *pri_spec; copy_pri_spec = *pri_spec;
if(copy_pri_spec.pri_type == NGHTTP2_PRIORITY_TYPE_GROUP) { if(copy_pri_spec.pri_type == NGHTTP2_PRIORITY_TYPE_GROUP) {
@ -142,6 +145,11 @@ static int nghttp2_submit_headers_shared_nva
} }
} }
rv = nghttp2_nv_array_copy(&nva_copy, nva, nvlen);
if(rv < 0) {
return rv;
}
return nghttp2_submit_headers_shared(session, flags, stream_id, return nghttp2_submit_headers_shared(session, flags, stream_id,
&copy_pri_spec, nva_copy, rv, data_prd, &copy_pri_spec, nva_copy, rv, data_prd,
stream_user_data); stream_user_data);
@ -263,6 +271,10 @@ int nghttp2_submit_push_promise(nghttp2_session *session, uint8_t flags,
nghttp2_headers_aux_data *aux_data = NULL; nghttp2_headers_aux_data *aux_data = NULL;
int rv; int rv;
if(!session->server) {
return NGHTTP2_ERR_PROTO;
}
frame = malloc(sizeof(nghttp2_frame)); frame = malloc(sizeof(nghttp2_frame));
if(frame == NULL) { if(frame == NULL) {
return NGHTTP2_ERR_NOMEM; return NGHTTP2_ERR_NOMEM;
@ -347,7 +359,7 @@ int nghttp2_submit_altsvc(nghttp2_session *session, uint8_t flags,
uint8_t *copy_protocol_id, *copy_host, *copy_origin; uint8_t *copy_protocol_id, *copy_host, *copy_origin;
if(!session->server) { if(!session->server) {
return NGHTTP2_ERR_INVALID_STATE; return NGHTTP2_ERR_PROTO;
} }
varlen = protocol_id_len + host_len + origin_len; varlen = protocol_id_len + host_len + origin_len;

4
tests/nghttp2_session_test.c
View File

@ -3484,7 +3484,7 @@ void test_nghttp2_submit_altsvc(void)
nghttp2_session_client_new(&session, &callbacks, NULL); nghttp2_session_client_new(&session, &callbacks, NULL);
CU_ASSERT(NGHTTP2_ERR_INVALID_STATE == CU_ASSERT(NGHTTP2_ERR_PROTO ==
nghttp2_submit_altsvc(session, NGHTTP2_FLAG_NONE, nghttp2_submit_altsvc(session, NGHTTP2_FLAG_NONE,
0, 0, 3000, 0, 0, 3000,
(const uint8_t*)protocol_id, (const uint8_t*)protocol_id,
@ -3548,7 +3548,7 @@ void test_nghttp2_submit_invalid_nv(void)
memset(&callbacks, 0, sizeof(nghttp2_session_callbacks)); memset(&callbacks, 0, sizeof(nghttp2_session_callbacks));
CU_ASSERT(0 == nghttp2_session_client_new(&session, &callbacks, NULL)); CU_ASSERT(0 == nghttp2_session_server_new(&session, &callbacks, NULL));
/* nghttp2_submit_request */ /* nghttp2_submit_request */
CU_ASSERT(0 == CU_ASSERT(0 ==