|
|
- commit 4fb65f421b4d650711e5d8b9dbcbf4bf589d26cc
- Author: Christopher Faulet <cfaulet@haproxy.com>
- Date: Wed Jun 19 09:25:58 2019 +0200
-
- BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked
-
- When a DATA frame is processed for a message with a content-length, we first
- take care to not have a frame size that exceeds the remaining to
- read. Otherwise, an error is triggered. But we must remove the padding length
- from the frame size because the padding is not included in the announced
- content-length.
-
- This patch must be backported to 2.0 and 1.9.
-
- (cherry picked from commit 4f09ec812adbd9336cddc054660a7fb5cd54b459)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
- diff --git a/src/mux_h2.c b/src/mux_h2.c
- index c06d5d68..5bb85181 100644
- --- a/src/mux_h2.c
- +++ b/src/mux_h2.c
- @@ -2177,7 +2177,7 @@ static int h2c_frt_handle_data(struct h2c *h2c, struct h2s *h2s)
- goto strm_err;
- }
-
- - if ((h2s->flags & H2_SF_DATA_CLEN) && h2c->dfl > h2s->body_len) {
- + if ((h2s->flags & H2_SF_DATA_CLEN) && (h2c->dfl - h2c->dpl) > h2s->body_len) {
- /* RFC7540#8.1.2 */
- error = H2_ERR_PROTOCOL_ERROR;
- goto strm_err;
|
