arturobernalg opened a new pull request, #633: URL: https://github.com/apache/httpcomponents-core/pull/633
Mask the reserved MSB on all received 31-bit identifiers / values (frame Stream Identifier, WINDOW_UPDATE increment, PUSH_PROMISE promised stream id, GOAWAY last-stream-id) to comply with RFC 9113 and avoid mis-parsing them as signed integers. [RFC 9113 4.1](https://www.rfc-editor.org/rfc/rfc9113.html#name-frame-format) (Frame Format): "The semantics of this bit are undefined, and the bit MUST remain unset (0x00) when sending and MUST be ignored when receiving." [RFC 9113 4.1](https://www.rfc-editor.org/rfc/rfc9113.html#name-frame-format) (Frame Format): "A stream identifier ... expressed as an unsigned 31-bit integer." [RFC 9113 6.6](https://www.rfc-editor.org/rfc/rfc9113.html#section-6.6) (PUSH_PROMISE): "An unsigned 31-bit integer that identifies the stream that is reserved by the PUSH_PROMISE." [RFC 9113 6.8](https://www.rfc-editor.org/rfc/rfc9113.html#section-6.8) (GOAWAY), Figure 10: "Reserved (1), Last-Stream-ID (31)" [RFC 9113 6.9](https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update) (WINDOW_UPDATE): "The frame payload of a WINDOW_UPDATE frame is one reserved bit plus an unsigned 31-bit integer." [RFC 9113 6.9](https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update) (WINDOW_UPDATE): "The legal range for the increment to the flow-control window is 1 to 2^{31}-1." -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
