This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new e92122833 Add content length mismatch check on handling HEADERS frame and CONTINUATION frame (#9012) e92122833 is described below commit e92122833c68ec7528dce09ff0db630825ebc348 Author: Masaori Koshiba <masa...@apache.org> AuthorDate: Tue Aug 9 09:30:16 2022 +0900 Add content length mismatch check on handling HEADERS frame and CONTINUATION frame (#9012) * Add content length mismatch check on handling HEADERS frame and CONTINUATION frame * Correct error class of HTTP/2 malformed requests --- proxy/http2/Http2ConnectionState.cc | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/proxy/http2/Http2ConnectionState.cc b/proxy/http2/Http2ConnectionState.cc index 4f60d58d1..b0e3a1cd9 100644 --- a/proxy/http2/Http2ConnectionState.cc +++ b/proxy/http2/Http2ConnectionState.cc @@ -139,7 +139,7 @@ Http2ConnectionState::rcv_data_frame(const Http2Frame &frame) return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE); } if (!stream->payload_length_is_valid()) { - return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR, + return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR, "recv data bad payload length"); } @@ -384,6 +384,12 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame &frame) } } + // Check Content-Length & payload length when END_STREAM flag is true + if (stream->recv_end_stream && !stream->payload_length_is_valid()) { + return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR, + "recv data bad payload length"); + } + // Set up the State Machine if (!empty_request) { SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread()); @@ -942,6 +948,12 @@ Http2ConnectionState::rcv_continuation_frame(const Http2Frame &frame) } } + // Check Content-Length & payload length when END_STREAM flag is true + if (stream->recv_end_stream && !stream->payload_length_is_valid()) { + return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_STREAM, Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR, + "recv data bad payload length"); + } + // Set up the State Machine SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread()); stream->mark_milestone(Http2StreamMilestone::START_TXN);