This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new caf5f69 Add back in length check to fail H2 headers with no name.
caf5f69 is described below
commit caf5f698214cabe115f39b191d571ed6f58eec09
Author: Susan Hinrichs <[email protected]>
AuthorDate: Tue Jun 6 13:23:38 2017 +0000
Add back in length check to fail H2 headers with no name.
---
proxy/http2/HTTP2.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/proxy/http2/HTTP2.cc b/proxy/http2/HTTP2.cc
index 0151800..36cd31e 100644
--- a/proxy/http2/HTTP2.cc
+++ b/proxy/http2/HTTP2.cc
@@ -645,6 +645,8 @@ http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t
*buf_start, const uint32_
if (pseudo_header_count > expected_pseudo_header_count) {
return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
}
+ } else if (len <= 0) {
+ return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
} else {
if (pseudo_header_count != expected_pseudo_header_count) {
return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
