[nginx] HTTP/2: rejecting zero WINDOW_UPDATE with PROTOCOL_ERROR.

Valentin Bartenev vbart at nginx.com
Mon Apr 24 11:20:53 UTC 2017


details:   http://hg.nginx.org/nginx/rev/cc823122d50d
branches:  
changeset: 6988:cc823122d50d
user:      Valentin Bartenev <vbart at nginx.com>
date:      Mon Apr 24 14:16:57 2017 +0300
description:
HTTP/2: rejecting zero WINDOW_UPDATE with PROTOCOL_ERROR.

This is required by RFC 7540.  While there is no real harm from such frames,
rejecting them should help to detect broken clients.

Based on a patch by Piotr Sikora.

diffstat:

 src/http/v2/ngx_http_v2.c |  38 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 38 insertions(+), 0 deletions(-)

diffs (48 lines):

diff -r 5116cfea1e9a -r cc823122d50d src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c	Thu Apr 20 18:26:38 2017 +0300
+++ b/src/http/v2/ngx_http_v2.c	Mon Apr 24 14:16:57 2017 +0300
@@ -2166,6 +2166,44 @@ ngx_http_v2_state_window_update(ngx_http
                    "http2 WINDOW_UPDATE frame sid:%ui window:%uz",
                    h2c->state.sid, window);
 
+    if (window == 0) {
+        if (h2c->state.sid == 0) {
+            ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+                          "client sent WINDOW_UPDATE frame "
+                          "with incorrect window increment 0");
+
+            return ngx_http_v2_connection_error(h2c,
+                                                NGX_HTTP_V2_PROTOCOL_ERROR);
+        }
+
+        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+                      "client sent WINDOW_UPDATE frame for stream %ui "
+                      "with incorrect window increment 0", h2c->state.sid);
+
+        node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0);
+
+        if (node && node->stream) {
+            if (ngx_http_v2_terminate_stream(h2c, node->stream,
+                                             NGX_HTTP_V2_PROTOCOL_ERROR)
+                == NGX_ERROR)
+            {
+                return ngx_http_v2_connection_error(h2c,
+                                                    NGX_HTTP_V2_INTERNAL_ERROR);
+            }
+
+        } else {
+            if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid,
+                                            NGX_HTTP_V2_PROTOCOL_ERROR)
+                == NGX_ERROR)
+            {
+                return ngx_http_v2_connection_error(h2c,
+                                                    NGX_HTTP_V2_INTERNAL_ERROR);
+            }
+        }
+
+        return ngx_http_v2_state_complete(h2c, pos, end);
+    }
+
     if (h2c->state.sid) {
         node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0);
 
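Review bot: The `else` branch answers a zero-increment WINDOW_UPDATE with RST_STREAM even when `ngx_http_v2_get_node_by_id()` returns no node or a node without a stream. A client can therefore make the server queue one control frame and write one `NGX_LOG_INFO` line for every 13-byte frame it sends, on any stream id it picks. Nothing in this hunk bounds that, so if the output queue and the log are not limited elsewhere, a peer can grow both cheaply. Consider skipping the reply when the stream is unknown, or counting these errors per connection and escalating to `ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR)` past a threshold. `ngx_http_v2_state_window_update` starts and ends outside the hunk, so an existing limit may simply not be visible here.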

