You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
1.2 KiB
30 lines
1.2 KiB
commit 4fb65f421b4d650711e5d8b9dbcbf4bf589d26cc
|
|
Author: Christopher Faulet <cfaulet@haproxy.com>
|
|
Date: Wed Jun 19 09:25:58 2019 +0200
|
|
|
|
BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked
|
|
|
|
When a DATA frame is processed for a message with a content-length, we first
|
|
take care to not have a frame size that exceeds the remaining to
|
|
read. Otherwise, an error is triggered. But we must remove the padding length
|
|
from the frame size because the padding is not included in the announced
|
|
content-length.
|
|
|
|
This patch must be backported to 2.0 and 1.9.
|
|
|
|
(cherry picked from commit 4f09ec812adbd9336cddc054660a7fb5cd54b459)
|
|
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
|
|
|
diff --git a/src/mux_h2.c b/src/mux_h2.c
|
|
index c06d5d68..5bb85181 100644
|
|
--- a/src/mux_h2.c
|
|
+++ b/src/mux_h2.c
|
|
@@ -2177,7 +2177,7 @@ static int h2c_frt_handle_data(struct h2c *h2c, struct h2s *h2s)
|
|
goto strm_err;
|
|
}
|
|
|
|
- if ((h2s->flags & H2_SF_DATA_CLEN) && h2c->dfl > h2s->body_len) {
|
|
+ if ((h2s->flags & H2_SF_DATA_CLEN) && (h2c->dfl - h2c->dpl) > h2s->body_len) {
|
|
/* RFC7540#8.1.2 */
|
|
error = H2_ERR_PROTOCOL_ERROR;
|
|
goto strm_err;
|