Overview

File nghttp2-limit-incoming.patch of Package nghttp2

From 026919b7ea89b6167f0fb84824a644fbbdabc8e7 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Thu, 4 Feb 2016 23:05:05 +0900
Subject: [PATCH] asio: server: Limit incoming request header field buffer size

---
 src/asio_server_http2_handler.cc | 7 +++++++
 src/asio_server_request_impl.cc  | 8 +++++++-
 src/asio_server_request_impl.h   | 4 ++++
 3 files changed, 18 insertions(+), 1 deletion(-)

Index: nghttp2-1.3.4/src/asio_server_http2_handler.cc
===================================================================
--- nghttp2-1.3.4.orig/src/asio_server_http2_handler.cc
+++ nghttp2-1.3.4/src/asio_server_http2_handler.cc
@@ -105,6 +105,13 @@ int on_header_callback(nghttp2_session *
     }
   // fall through
   default:
+    if (req.header_buffer_size() + namelen + valuelen > 64_k) {
+      nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, frame->hd.stream_id,
+                                NGHTTP2_INTERNAL_ERROR);
+      break;
+    }
+    req.update_header_buffer_size(namelen + valuelen);
+
     req.header().emplace(std::string(name, name + namelen),
                          header_value{std::string(value, value + valuelen),
                                       (flags & NGHTTP2_NV_FLAG_NO_INDEX) != 0});
Index: nghttp2-1.3.4/src/asio_server_request_impl.cc
===================================================================
--- nghttp2-1.3.4.orig/src/asio_server_request_impl.cc
+++ nghttp2-1.3.4/src/asio_server_request_impl.cc
@@ -28,7 +28,7 @@ namespace nghttp2 {
 namespace asio_http2 {
 namespace server {
 
-request_impl::request_impl() : strm_(nullptr) {}
+request_impl::request_impl() : strm_(nullptr), header_buffer_size_(0) {}
 
 const header_map &request_impl::header() const { return header_; }
 
@@ -54,6 +54,12 @@ void request_impl::call_on_data(const ui
   }
 }
 
+size_t request_impl::header_buffer_size() const { return header_buffer_size_; }
+
+void request_impl::update_header_buffer_size(size_t len) {
+  header_buffer_size_ += len;
+}
+
 } // namespace server
 } // namespace asio_http2
 } // namespace nghttp2
Index: nghttp2-1.3.4/src/asio_server_request_impl.h
===================================================================
--- nghttp2-1.3.4.orig/src/asio_server_request_impl.h
+++ nghttp2-1.3.4/src/asio_server_request_impl.h
@@ -48,12 +48,16 @@ public:
 
   const uri_ref &uri() const;
   uri_ref &uri();
+  size_t header_buffer_size_;
 
   void on_data(data_cb cb);
 
   void stream(class stream *s);
   void call_on_data(const uint8_t *data, std::size_t len);
 
+  size_t header_buffer_size() const;
+  void update_header_buffer_size(size_t len);
+
 private:
   class stream *strm_;
   header_map header_;
openSUSE Build Service is sponsored by
Places