From fccffe08b39a877e974b5150f325b0f8ade4d61a Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Thu, 30 Sep 2021 14:47:32 +0200 Subject: [PATCH] MINOR: qpack: do not encode invalid http status code Ensure that the HTTP status code is valid before encoding with QPACK. An error is return if this is not the case. --- src/qpack-enc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/qpack-enc.c b/src/qpack-enc.c index f53de7cb5..4d08836e0 100644 --- a/src/qpack-enc.c +++ b/src/qpack-enc.c @@ -54,6 +54,9 @@ int qpack_encode_int_status(struct buffer *out, unsigned int status) { int status_size, idx = 0; + if (status < 100 || status > 599) + return 1; + switch (status) { case 103: idx = 24; break; case 200: idx = 25; break;