masaori335 commented on pull request #7237: URL: https://github.com/apache/trafficserver/pull/7237#issuecomment-708161574
> Seemed to occur on POST with very large post bodies (2MB) with a content-length specified, but the bad client sent another data frame after the content-length number of bytes was sent. Seems you found another bug. Definitely, this is a malformed request. ([RFC 7540 Section 8.1.2.6](https://tools.ietf.org/html/rfc7540#section-8.1.2.6) ) We have to check the size before writing data to the buffer in `rcv_data_frame()`. Currently, the check is done only if the DATA frame has the END_STREAM flag. https://github.com/apache/trafficserver/blob/bb847ee03c274b7aed2993423c4fe3957cb11c2a/proxy/http2/Http2ConnectionState.cc#L142 ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
