arturobernalg commented on code in PR #628:
URL:
https://github.com/apache/httpcomponents-core/pull/628#discussion_r2829004571
##########
httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/io/FrameInputBuffer.java:
##########
@@ -103,11 +104,17 @@ public RawFrame read(final InputStream inStream) throws
IOException {
final int payloadLen = (buffer[off] & 0xff) << 16 | (buffer[off + 1] &
0xff) << 8 | (buffer[off + 2] & 0xff);
final int type = buffer[off + 3] & 0xff;
final int flags = buffer[off + 4] & 0xff;
- final int streamId = Math.abs(buffer[off + 5] & 0xff) << 24 |
(buffer[off + 6] & 0xff << 16) | (buffer[off + 7] & 0xff) << 8 | (buffer[off +
8] & 0xff);
+ // HTTP/2 stream id is 31-bit; ignore the reserved (MSB) bit.
+ // Note: mask before shift; `b & 0xff << 16` would drop the byte due
to operator precedence.
+ final int streamId = ((buffer[off + 5] & 0x7f) << 24) | ((buffer[off +
6] & 0xff) << 16) | ((buffer[off + 7] & 0xff) << 8) | (buffer[off + 8] & 0xff);
if (payloadLen > maxFramePayloadSize) {
throw new H2ConnectionException(H2Error.FRAME_SIZE_ERROR, "Frame
size exceeds maximum");
}
+ if (type == FrameType.SETTINGS.getValue() && (flags &
FrameFlag.ACK.getValue()) != 0 && payloadLen != 0) {
Review Comment:
> @arturobernalg This is the wrong place and not the buffer's job to
validate frames. Move this check to the protocol handler.
@ok2c yeah. The check of the `payloadLen > maxFramePayloadSize` make me
doubt and i put it there. I just moved.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
