RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-22 21:56:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: mux-h2: properly deal with too large headers frames

Browse Source 
In h2c_decode_headers(), now that we support CONTINUATION frames, we
try to defragment all pending frames at once before processing them.
However if the first is exactly full and the second cannot be parsed,
we don't detect the problem and we wait for the next part forever due
to an incorrect check on exit; we must abort the processing as soon as
the current frame remains full after defragmentation as in this case
there is no way to make forward progress.

Thanks to Yves Lafon for providing traces exhibiting the problem.

This must be backported to 1.9.
This commit is contained in:
Willy Tarreau 2019-04-29 10:20:21 +02:00
parent 4de0eba848
commit 97215ca284
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/mux_h2.c
View File

@ -3579,7 +3579,7 @@ next_frame:
b_sub(&h2c->dbuf, hole);
}
if (b_full(&h2c->dbuf) && h2c->dfl > b_data(&h2c->dbuf)) {
if (b_full(&h2c->dbuf) && h2c->dfl >= b_data(&h2c->dbuf)) {
/* too large frames */
h2c_error(h2c, H2_ERR_INTERNAL_ERROR);
ret = -1;