This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0cac540a882220231ba7a82330483cbd5f6b1f96 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 25 12:13:55 2024 +0000 Report HTTP/2 header parsing errors earlier --- java/org/apache/coyote/http2/Http2Parser.java | 11 ++++++----- webapps/docs/changelog.xml | 5 +++++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/java/org/apache/coyote/http2/Http2Parser.java b/java/org/apache/coyote/http2/Http2Parser.java index 306e8a3831..2e2f4138c9 100644 --- a/java/org/apache/coyote/http2/Http2Parser.java +++ b/java/org/apache/coyote/http2/Http2Parser.java @@ -265,6 +265,9 @@ class Http2Parser { swallowPayload(streamId, FrameType.HEADERS.getId(), padLength, true); + // Validate the headers so far + hpackDecoder.getHeaderEmitter().validateHeaders(); + if (Flags.isEndOfHeaders(flags)) { onHeadersComplete(streamId); } else { @@ -405,6 +408,9 @@ class Http2Parser { readHeaderPayload(streamId, payloadSize); + // Validate the headers so far + hpackDecoder.getHeaderEmitter().validateHeaders(); + if (endOfHeaders) { headersCurrentStream = -1; onHeadersComplete(streamId); @@ -576,11 +582,6 @@ class Http2Parser { Http2Error.COMPRESSION_ERROR); } - // Delay validation (and triggering any exception) until this point - // since all the headers still have to be read if a StreamException is - // going to be thrown. - hpackDecoder.getHeaderEmitter().validateHeaders(); - output.headersEnd(streamId, headersEndStream); if (headersEndStream) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 2fd2c8b664..beebcf6765 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -165,6 +165,11 @@ <code>Content-Type</code> value to improve performance by reducing repeated <code>byte[]</code> to <code>String</code> conversions. (markt) </fix> + <fix> + Improve error reporting to HTTP/2 clients for header processing errors + by reporting problems at the end of the frame where the error was + detected rather than at the end of the headers. (markt) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org