TS-3921: HTTP/2 send protocol error on invalid data frame (cherry picked from commit 48fadc42402ddd213f1b30b6639f2334d3d3cf07)
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/3079ab33 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/3079ab33 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/3079ab33 Branch: refs/heads/6.0.x Commit: 3079ab33771e693abc70d1ba22924325b8842815 Parents: 27f8e2c Author: Bryan Call <[email protected]> Authored: Thu Sep 17 13:24:17 2015 -0700 Committer: Bryan Call <[email protected]> Committed: Thu Nov 19 16:33:11 2015 -0800 ---------------------------------------------------------------------- proxy/http2/HTTP2.cc | 13 ++++++------- proxy/http2/Http2ClientSession.cc | 5 ++++- 2 files changed, 10 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3079ab33/proxy/http2/HTTP2.cc ---------------------------------------------------------------------- diff --git a/proxy/http2/HTTP2.cc b/proxy/http2/HTTP2.cc index 34166d3..0929def 100644 --- a/proxy/http2/HTTP2.cc +++ b/proxy/http2/HTTP2.cc @@ -121,15 +121,14 @@ http2_are_frame_flags_valid(uint8_t ftype, uint8_t fflags) bool http2_frame_header_is_valid(const Http2FrameHeader &hdr, unsigned max_frame_size) { - if (hdr.type >= HTTP2_FRAME_TYPE_MAX) { - return false; - } - - if (hdr.length > max_frame_size) { - return false; + if (!http2_are_frame_flags_valid(hdr.type, hdr.flags)) { + // XXX not working right now + // return false; } - if (!http2_are_frame_flags_valid(hdr.type, hdr.flags)) { + // 6.1 If a DATA frame is received whose stream identifier field is 0x0, the recipient MUST + // respond with a connection error (Section 5.4.1) of type PROTOCOL_ERROR. + if (hdr.type == HTTP2_FRAME_TYPE_DATA && hdr.streamid == 0) { return false; } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3079ab33/proxy/http2/Http2ClientSession.cc ---------------------------------------------------------------------- diff --git a/proxy/http2/Http2ClientSession.cc b/proxy/http2/Http2ClientSession.cc index 2de3f2e..6267ffc 100644 --- a/proxy/http2/Http2ClientSession.cc +++ b/proxy/http2/Http2ClientSession.cc @@ -340,7 +340,10 @@ Http2ClientSession::state_start_frame_read(int event, void *edata) if (!http2_frame_header_is_valid(this->current_hdr, this->connection_state.server_settings.get(HTTP2_SETTINGS_MAX_FRAME_SIZE))) { - // XXX nuke it with HTTP2_ERROR_PROTOCOL_ERROR! + SCOPED_MUTEX_LOCK(lock, this->connection_state.mutex, this_ethread()); + if (!this->connection_state.is_state_closed()) { + this->connection_state.send_goaway_frame(this->current_hdr.streamid, HTTP2_ERROR_PROTOCOL_ERROR); + } } // If we know up front that the payload is too long, nuke this connection.
