[nginx] HTTP/2: improved error handling while parsing integers.
Valentin Bartenev
vbart at nginx.com
Tue Oct 20 18:33:03 UTC 2015
details: http://hg.nginx.org/nginx/rev/ee16fb0db905
branches:
changeset: 6268:ee16fb0db905
user: Valentin Bartenev <vbart at nginx.com>
date: Tue Oct 20 21:28:38 2015 +0300
description:
HTTP/2: improved error handling while parsing integers.
The case when an integer is out of frame bounds should be checked first
as a more accurate error.
diffstat:
src/http/v2/ngx_http_v2.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diffs (22 lines):
diff -r adaac65899c8 -r ee16fb0db905 src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Tue Oct 20 21:26:38 2015 +0300
+++ b/src/http/v2/ngx_http_v2.c Tue Oct 20 21:28:38 2015 +0300
@@ -2417,14 +2417,14 @@ ngx_http_v2_parse_int(ngx_http_v2_connec
}
}
+ if ((size_t) (end - start) >= h2c->state.length) {
+ return NGX_ERROR;
+ }
+
if (end == start + NGX_HTTP_V2_INT_OCTETS) {
return NGX_DECLINED;
}
- if ((size_t) (end - start) >= h2c->state.length) {
- return NGX_ERROR;
- }
-
return NGX_AGAIN;
}
More information about the nginx-devel
mailing list