vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Sun Sep 22 19:48:38 2019 +0300| [4ba88ad56594d7b30cd8926c5be5176030804574] | committer: Rémi Denis-Courmont
http: handle invalid WINDOW_UPDATE increment value > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4ba88ad56594d7b30cd8926c5be5176030804574 --- modules/access/http/h2frame.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/modules/access/http/h2frame.c b/modules/access/http/h2frame.c index 2ece26ebcf..4a2b728a7f 100644 --- a/modules/access/http/h2frame.c +++ b/modules/access/http/h2frame.c @@ -854,16 +854,26 @@ static int vlc_h2_parse_frame_window_update(struct vlc_h2_parser *p, struct vlc_h2_frame *f, size_t len, uint_fast32_t id) { - free(f); - if (len != 4) { + free(f); + if (id == 0) return vlc_h2_parse_error(p, VLC_H2_FRAME_SIZE_ERROR); return vlc_h2_stream_error(p, id, VLC_H2_FRAME_SIZE_ERROR); } - /* Nothing to do as we do not send data for the time being. */ + uint_fast32_t credit = GetDWBE(vlc_h2_frame_payload(f)) & 0x7fffffffu; + + free(f); + + if (credit == 0) + { + if (id == 0) + return vlc_h2_parse_error(p, VLC_H2_PROTOCOL_ERROR); + return vlc_h2_stream_error(p, id, VLC_H2_PROTOCOL_ERROR); + } + return 0; } _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
