This is an automated email from the ASF dual-hosted git repository.
masaori pushed a commit to branch asf-master-0809-4
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 467fa7db16a375f5fb2470884bd11e78f927ed09
Author: Masaori Koshiba <masa...@apache.org>
AuthorDate: Wed Apr 20 09:34:31 2022 +0900
Add content length mismatch check on handling HEADERS frame and
CONTINUATION frame
---
proxy/http2/Http2ConnectionState.cc | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/proxy/http2/Http2ConnectionState.cc
b/proxy/http2/Http2ConnectionState.cc
index 4f60d58d1..e37025d70 100644
--- a/proxy/http2/Http2ConnectionState.cc
+++ b/proxy/http2/Http2ConnectionState.cc
@@ -384,6 +384,12 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame
&frame)
}
}
+ // Check Content-Length & payload length when END_STREAM flag is true
+ if (stream->recv_end_stream && !stream->payload_length_is_valid()) {
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION,
Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
+ "recv data bad payload length");
+ }
+
// Set up the State Machine
if (!empty_request) {
SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread());
@@ -942,6 +948,12 @@ Http2ConnectionState::rcv_continuation_frame(const
Http2Frame &frame)
}
}
+ // Check Content-Length & payload length when END_STREAM flag is true
+ if (stream->recv_end_stream && !stream->payload_length_is_valid()) {
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION,
Http2ErrorCode::HTTP2_ERROR_PROTOCOL_ERROR,
+ "recv data bad payload length");
+ }
+
// Set up the State Machine
SCOPED_MUTEX_LOCK(stream_lock, stream->mutex, this_ethread());
stream->mark_milestone(Http2StreamMilestone::START_TXN);
