[PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments

Piotr Sikora piotrsikora at google.com
Tue Mar 28 10:52:07 UTC 2017 

# HG changeset patch
# User Piotr Sikora <piotrsikora at google.com>
# Date 1490516706 25200
#      Sun Mar 26 01:25:06 2017 -0700
# Node ID ccb36c87291e38d1a63224d143cbeaa4ee4a4287
# Parent  22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments.

Signed-off-by: Piotr Sikora <piotrsikora at google.com>

diff -r 22be63bf21ed -r ccb36c87291e src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -2168,11 +2168,42 @@ ngx_http_v2_state_window_update(ngx_http
             ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0,
                            "unknown http2 stream");
 
+            if (window == 0) {
+                ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+                              "client sent WINDOW_UPDATE frame for unknown "
+                              "stream %ui with incorrect window increment 0",
+                              h2c->state.sid);
+
+                if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid,
+                                                NGX_HTTP_V2_PROTOCOL_ERROR)
+                    == NGX_ERROR)
+                {
+                    return ngx_http_v2_connection_error(h2c,
+                                                   NGX_HTTP_V2_INTERNAL_ERROR);
+                }
+            }
+
             return ngx_http_v2_state_complete(h2c, pos, end);
         }
 
         stream = node->stream;
 
+        if (window == 0) {
+            ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+                          "client sent WINDOW_UPDATE frame for stream %ui "
+                          "with incorrect window increment 0", h2c->state.sid);
+
+            if (ngx_http_v2_terminate_stream(h2c, stream,
+                                             NGX_HTTP_V2_PROTOCOL_ERROR)
+                == NGX_ERROR)
+            {
+                return ngx_http_v2_connection_error(h2c,
+                                                    NGX_HTTP_V2_INTERNAL_ERROR);
+            }
+
+            return ngx_http_v2_state_complete(h2c, pos, end);
+        }
+
         if (window > (size_t) (NGX_HTTP_V2_MAX_WINDOW - stream->send_window)) {
 
             ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
@@ -2211,6 +2242,14 @@ ngx_http_v2_state_window_update(ngx_http
         return ngx_http_v2_state_complete(h2c, pos, end);
     }
 
+    if (window == 0) {
+        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+                      "client sent WINDOW_UPDATE frame "
+                      "with incorrect window increment 0");
+
+        return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR);
+    }
+
     if (window > NGX_HTTP_V2_MAX_WINDOW - h2c->send_window) {
         ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
                       "client violated connection flow control: "

More information about the nginx-devel mailing list