walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Check payload length when submitting GOAWAY and ALTSVC

This commit is contained in:
Tatsuhiro Tsujikawa 2014-04-01 21:55:29 +09:00
parent f785e56dba
commit f5ead55f0e
4 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/includes/nghttp2/nghttp2.h
View File

@ -2452,6 +2452,8 @@ int nghttp2_submit_ping(nghttp2_session *session, uint8_t flags,
* *
* :enum:`NGHTTP2_ERR_NOMEM` * :enum:`NGHTTP2_ERR_NOMEM`
* Out of memory. * Out of memory.
* NGHTTP2_ERR_INVALID_ARGUMENT
* The |opaque_data_len| is too large.
*/ */
int nghttp2_submit_goaway(nghttp2_session *session, uint8_t flags, int nghttp2_submit_goaway(nghttp2_session *session, uint8_t flags,
nghttp2_error_code error_code, nghttp2_error_code error_code,
@ -2520,6 +2522,9 @@ int nghttp2_submit_window_update(nghttp2_session *session, uint8_t flags,
* :enum:`NGHTTP2_ERR_INVALID_STATE` * :enum:`NGHTTP2_ERR_INVALID_STATE`
* The function is invoked with |session| which was initialized as * The function is invoked with |session| which was initialized as
* client. * client.
* NGHTTP2_ERR_INVALID_ARGUMENT
* The combined length of |protocol_id_len|, |host_len| and
* |origin_len| is is too large.
*/ */
int nghttp2_submit_altsvc(nghttp2_session *session, uint8_t flags, int nghttp2_submit_altsvc(nghttp2_session *session, uint8_t flags,
int32_t stream_id, int32_t stream_id,

2
lib/nghttp2_session.c
View File

@ -5237,7 +5237,7 @@ int nghttp2_session_add_goaway(nghttp2_session *session,
nghttp2_frame *frame; nghttp2_frame *frame;
uint8_t *opaque_data_copy = NULL; uint8_t *opaque_data_copy = NULL;
if(opaque_data_len) { if(opaque_data_len) {
if(opaque_data_len > UINT16_MAX - 8) { if(opaque_data_len + 8 > NGHTTP2_MAX_PAYLOADLEN) {
return NGHTTP2_ERR_INVALID_ARGUMENT; return NGHTTP2_ERR_INVALID_ARGUMENT;
} }
opaque_data_copy = malloc(opaque_data_len); opaque_data_copy = malloc(opaque_data_len);

2
lib/nghttp2_session.h
View File

@ -283,6 +283,8 @@ int nghttp2_session_add_ping(nghttp2_session *session, uint8_t flags,
* *
* NGHTTP2_ERR_NOMEM * NGHTTP2_ERR_NOMEM
* Out of memory. * Out of memory.
* NGHTTP2_ERR_INVALID_ARGUMENT
* The |opaque_data_len| is too large.
*/ */
int nghttp2_session_add_goaway(nghttp2_session *session, int nghttp2_session_add_goaway(nghttp2_session *session,
int32_t last_stream_id, int32_t last_stream_id,

5
lib/nghttp2_submit.c
View File

@ -335,6 +335,11 @@ int nghttp2_submit_altsvc(nghttp2_session *session, uint8_t flags,
varlen = protocol_id_len + host_len + origin_len; varlen = protocol_id_len + host_len + origin_len;
/* 9 = fixed part 8 bytes + HOST_LEN 1 byte */
if(varlen + 9 > NGHTTP2_MAX_PAYLOADLEN) {
return NGHTTP2_ERR_INVALID_ARGUMENT;
}
if(varlen == 0) { if(varlen == 0) {
var = NULL; var = NULL;
copy_protocol_id = NULL; copy_protocol_id = NULL;