Author: markt Date: Fri Mar 24 14:25:37 2017 New Revision: 1788458 URL: http://svn.apache.org/viewvc?rev=1788458&view=rev Log: Huffman encoded string literals must not have more than 7 bits of padding.
Modified: tomcat/trunk/java/org/apache/coyote/http2/HPackHuffman.java tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/coyote/http2/HPackHuffman.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/HPackHuffman.java?rev=1788458&r1=1788457&r2=1788458&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/HPackHuffman.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/HPackHuffman.java Fri Mar 24 14:25:37 2017
@@ -406,6 +406,9 @@ public class HPackHuffman {
 }
 bitPos--;
 }
+ if (bitPos < 0) {
+ throw new HpackException(sm.getString("hpackhuffman.stringLiteralTooMuchPadding"));
+ }
 }
 if (!eosBits) {
 throw new HpackException(sm.getString(
Modified: tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties?rev=1788458&r1=1788457&r2=1788458&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties Fri Mar 24 14:25:37 2017
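Review bot: The added `if (bitPos < 0)` tests the bit cursor rather than the amount of padding, so it may not express the rule stated in the log message. The loop that closes on the line above it starts outside the hunk; if that loop runs until `bitPos` drops below zero and has no early exit, `bitPos` is negative after every fully consumed byte and this check would reject valid literals as well. RFC 7541 section 5.2 makes padding strictly longer than 7 bits a decoding error, which is more directly enforced by counting the consecutive 1-bits seen since the last decoded symbol in a new counter (say `eosBitCount`) and checking it once after the byte loop: `if (eosBitCount > 7) { throw new HpackException(sm.getString("hpackhuffman.stringLiteralTooMuchPadding")); }`. A unit test that decodes a valid literal, and the same literal followed by a full byte of 1-bits, would pin both the accept and the reject path.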
@@ -40,6 +40,7 @@ hpackdecoder.tableSizeUpdateNotAtStart=A
 hpackEncoder.encodeHeader=Encoding header [{0}] with value [{1}]
 hpackhuffman.huffmanEncodedHpackValueDidNotEndWithEOS=Huffman encoded value in HPACK headers did not end with EOS padding
+hpackhuffman.stringLiteralTooMuchPadding=More than 7 bits of padding were provided at the end of an Huffman encoded string literal
 http2Parser.headerLimitCount=Connection [{0}], Stream [{1}], Too many headers
 http2Parser.headerLimitSize=Connection [{0}], Stream [{1}], Total header size too big
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org