[PATCH] HTTP/3: require that field section base index is not negative
Roman Arutyunyan
arut at nginx.com
Thu May 26 11:45:55 UTC 2022
# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1653564901 -14400
# Thu May 26 15:35:01 2022 +0400
# Branch quic
# Node ID 9feb0196a87189b573757cc00a15ff0acf4d5f8c
# Parent c2f5d79cde64457f1fa7344c56a5248a677a7e46
HTTP/3: require that field section base index is not negative.
RFC 9204 explicitly requires that.
diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c
--- a/src/http/v3/ngx_http_v3_parse.c
+++ b/src/http/v3/ngx_http_v3_parse.c
@@ -474,7 +474,12 @@ done:
}
if (st->sign) {
+ if (st->insert_count <= st->delta_base) {
+ return NGX_HTTP_V3_ERR_DECOMPRESSION_FAILED;
+ }
+
st->base = st->insert_count - st->delta_base - 1;
+
} else {
st->base = st->insert_count + st->delta_base;
}
More information about the nginx-devel
mailing list