http2: treat non-EOF empty frames like other invalid frames
Use the existing mechanism that we have to keep track of invalid frames for treating this specific kind of invalid frame. The commit that originally introduced this check was 695e38b, which was supposed to protect against CVE-2019-9518, which in turn was specifically about a *flood* of empty data frames. While these are still invalid frames either way, it makes sense to be forgiving here and just treat them like other invalid frames, i.e. to allow a small (configurable) number of them. Fixes: #37849 PR-URL: #37875 Backport-PR-URL: #38673 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Showing
3 changed files
with
44 additions
and
1 deletion.
Binary file not shown.
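--- /dev/null
+++ b/NEW_TEST_FILE_PATH_PLACEHOLDER
@@ -0,0 +1,39 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+common.skip('missing crypto');
+const { readSync } = require('../common/fixtures');
+const net = require('net');
+const http2 = require('http2');
+const { once } = require('events');
+
+async function main() {
+const blobWithEmptyFrame = readSync('emptyframe.http2');
+const server = net.createServer((socket) => {
+socket.end(blobWithEmptyFrame);
+}).listen(0);
+await once(server, 'listening');
+
+for (const maxSessionInvalidFrames of [0, 2]) {
+const client = http2.connect(`http://localhost:${server.address().port}`, {
+maxSessionInvalidFrames
+});
+const stream = client.request({
+':method': 'GET',
+':path': '/'
+});
+if (maxSessionInvalidFrames) {
+stream.on('error', common.mustNotCall());
+client.on('error', common.mustNotCall());
+} else {
+stream.on('error', common.mustCall());
+client.on('error', common.mustCall());
+}
+stream.resume();
+await once(stream, 'end');
+client.close();
+}
+server.close();
+}
+
+main().then(common.mustCall());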
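Review bot: The loop only checks that a single empty DATA frame is tolerated when `maxSessionInvalidFrames` is 2 and rejected when it is 0; nothing in this test exercises the flood case the limit exists for (the commit message cites CVE-2019-9518), so a regression where empty frames stop being counted against the limit would pass unnoticed. If the fixture holds exactly one empty frame (the name `blobWithEmptyFrame` suggests so, but the binary is not shown here), consider a third case that writes more empty frames than the configured limit and expects `common.mustCall()` on both error handlers. Also, `if (maxSessionInvalidFrames)` relies on numeric truthiness; `if (maxSessionInvalidFrames > 0)` states the intended comparison. The body of `main` lies entirely within the hunk.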