walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Check max SETTINGS_HEADER_TABLE_SIZE in nghttp2_iv_check() 

Hide NGHTTP2_MAX_HEADER_TABLE_SIZE from public API.  Now it is defined
as ((1u << 31) - 1) in nghttp2_frame.h, which is sufficiently big
enough.
This commit is contained in:
Tatsuhiro Tsujikawa 2014-05-12 21:28:49 +09:00
parent f85c592818
commit bc6d952361
5 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/includes/nghttp2/nghttp2.h
View File

@ -152,13 +152,6 @@ typedef struct {
*/ */
#define NGHTTP2_INITIAL_CONNECTION_WINDOW_SIZE ((1 << 16) - 1) #define NGHTTP2_INITIAL_CONNECTION_WINDOW_SIZE ((1 << 16) - 1)
/**
* @macro
*
* The maximum header table size.
*/
#define NGHTTP2_MAX_HEADER_TABLE_SIZE (1 << 28)
/** /**
* @macro * @macro
* *

4
lib/nghttp2_frame.c
View File

@ -1008,6 +1008,10 @@ int nghttp2_iv_check(const nghttp2_settings_entry *iv, size_t niv)
for(i = 0; i < niv; ++i) { for(i = 0; i < niv; ++i) {
switch(iv[i].settings_id) { switch(iv[i].settings_id) {
case NGHTTP2_SETTINGS_HEADER_TABLE_SIZE: case NGHTTP2_SETTINGS_HEADER_TABLE_SIZE:
if(iv[i].value > NGHTTP2_MAX_HEADER_TABLE_SIZE) {
return 0;
}
break;
case NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS: case NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS:
break; break;
case NGHTTP2_SETTINGS_ENABLE_PUSH: case NGHTTP2_SETTINGS_ENABLE_PUSH:

3
lib/nghttp2_frame.h
View File

@ -57,6 +57,9 @@
/* The number of bytes for each SETTINGS entry */ /* The number of bytes for each SETTINGS entry */
#define NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH 5 #define NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH 5
/* The maximum header table size in SETTINGS_HEADER_TABLE_SIZE */
#define NGHTTP2_MAX_HEADER_TABLE_SIZE ((1u << 31) - 1)
/* Category of frames. */ /* Category of frames. */
typedef enum { typedef enum {
/* non-DATA frame */ /* non-DATA frame */

7
lib/nghttp2_session.c
View File

@ -3265,7 +3265,8 @@ static int session_update_local_initial_window_size
/* /*
* Apply SETTINGS values |iv| having |niv| elements to the local * Apply SETTINGS values |iv| having |niv| elements to the local
* settings. * settings. We assumes that all values in |iv| is correct, since we
* validated them in nghttp2_session_add_settings() already.
* *
* This function returns 0 if it succeeds, or one of the following * This function returns 0 if it succeeds, or one of the following
* negative error codes: * negative error codes:
@ -3297,10 +3298,6 @@ int nghttp2_session_update_local_settings(nghttp2_session *session,
} }
} }
if(header_table_size_seen) { if(header_table_size_seen) {
if(header_table_size < 0 ||
header_table_size > NGHTTP2_MAX_HEADER_TABLE_SIZE) {
return NGHTTP2_ERR_HEADER_COMP;
}
rv = nghttp2_hd_inflate_change_table_size(&session->hd_inflater, rv = nghttp2_hd_inflate_change_table_size(&session->hd_inflater,
header_table_size); header_table_size);
if(rv != 0) { if(rv != 0) {

5
tests/nghttp2_frame_test.c
View File

@ -647,4 +647,9 @@ void test_nghttp2_iv_check(void)
iv[1].settings_id = 1000000009; iv[1].settings_id = 1000000009;
iv[1].value = 0; iv[1].value = 0;
CU_ASSERT(!nghttp2_iv_check(iv, 2)); CU_ASSERT(!nghttp2_iv_check(iv, 2));
/* Too large SETTINGS_HEADER_TABLE_SIZE */
iv[1].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
iv[1].value = UINT32_MAX;
CU_ASSERT(!nghttp2_iv_check(iv, 2));
} }