This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new bb77311 Add back in length check to fail H2 headers with no name.
bb77311 is described below
commit bb7731121551357c09ed42e529e19eb96324cde0
Author: Susan Hinrichs <[email protected]>
AuthorDate: Tue Jun 6 13:23:38 2017 +0000
Add back in length check to fail H2 headers with no name.
(cherry picked from commit caf5f698214cabe115f39b191d571ed6f58eec09)
---
proxy/http2/HTTP2.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/proxy/http2/HTTP2.cc b/proxy/http2/HTTP2.cc
index 42a8c1b..c73b55d 100644
--- a/proxy/http2/HTTP2.cc
+++ b/proxy/http2/HTTP2.cc
@@ -643,6 +643,8 @@ http2_decode_header_blocks(HTTPHdr *hdr, const uint8_t
*buf_start, const uint32_
if (pseudo_header_count > expected_pseudo_header_count) {
return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
}
+ } else if (len <= 0) {
+ return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
} else {
if (pseudo_header_count != expected_pseudo_header_count) {
return Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR;
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
