[PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments
Valentin V. Bartenev
vbart at nginx.com
Tue Mar 28 17:25:42 UTC 2017
On Tuesday 28 March 2017 03:52:07 Piotr Sikora via nginx-devel wrote:
> # HG changeset patch
> # User Piotr Sikora <piotrsikora at google.com>
> # Date 1490516706 25200
> # Sun Mar 26 01:25:06 2017 -0700
> # Node ID ccb36c87291e38d1a63224d143cbeaa4ee4a4287
> # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
> HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments.
>
> Signed-off-by: Piotr Sikora <piotrsikora at google.com>
>
[..]
Here's my version of the patch.
It's made similar to ngx_http_v2_state_priority().
# HG changeset patch
# User Valentin Bartenev <vbart at nginx.com>
# Date 1490721720 -10800
# Tue Mar 28 20:22:00 2017 +0300
# Node ID 3e798c552767068056c0251d7b6bd9ffd2587fc0
# Parent ce37362a7a70c0acd14ba01c8c2223b366b62233
HTTP/2: rejecting zero WINDOW_UPDATE with PROTOCOL_ERROR.

It's required by RFC 7540. While there is no real harm from such frames,
that should help to detect broken clients.

Prodded by Piotr Sikora.

diff -r ce37362a7a70 -r 3e798c552767 src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Tue Mar 28 18:15:42 2017 +0300
+++ b/src/http/v2/ngx_http_v2.c Tue Mar 28 20:22:00 2017 +0300
@@ -2161,6 +2161,40 @@ ngx_http_v2_state_window_update(ngx_http
"http2 WINDOW_UPDATE frame sid:%ui window:%uz",
h2c->state.sid, window);
+ if (window == 0) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent WINDOW_UPDATE frame "
+ "with incorrect window increment 0");
+
+ if (h2c->state.sid == 0) {
+ return ngx_http_v2_connection_error(h2c,
+ NGX_HTTP_V2_PROTOCOL_ERROR);
+ }
+
+ node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0);
+
+ if (node && node->stream) {
+ if (ngx_http_v2_terminate_stream(h2c, node->stream,
+ NGX_HTTP_V2_PROTOCOL_ERROR)
+ == NGX_ERROR)
+ {
+ return ngx_http_v2_connection_error(h2c,
+ NGX_HTTP_V2_INTERNAL_ERROR);
+ }
+
+ } else {
+ if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid,
+ NGX_HTTP_V2_PROTOCOL_ERROR)
+ == NGX_ERROR)
+ {
+ return ngx_http_v2_connection_error(h2c,
+ NGX_HTTP_V2_INTERNAL_ERROR);
+ }
+ }
+
+ return ngx_http_v2_state_complete(h2c, pos, end);
+ }
+
if (h2c->state.sid) {
node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0);
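
Review bot: In the `} else {` branch, a zero increment on any stream id that has no node or no stream is answered with RST_STREAM, and nothing in the hunk distinguishes a stream that was recently closed from an id the client never opened. A peer can therefore make the server queue one RST_STREAM per frame for arbitrary ids. Consider checking the id before replying (RFC 7540 section 5.1 treats any frame other than HEADERS or PRIORITY on an idle stream as a connection error of type PROTOCOL_ERROR), or completing the frame without a reply when the stream is unknown. Separately, the info-level log line would serve the stated goal of spotting broken clients better if it included h2c->state.sid, as the debug message just above it does.
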