Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2
nghttp2
nghttp2-limit-incoming.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nghttp2-limit-incoming.patch of Package nghttp2
From 026919b7ea89b6167f0fb84824a644fbbdabc8e7 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> Date: Thu, 4 Feb 2016 23:05:05 +0900 Subject: [PATCH] asio: server: Limit incoming request header field buffer size --- src/asio_server_http2_handler.cc | 7 +++++++ src/asio_server_request_impl.cc | 8 +++++++- src/asio_server_request_impl.h | 4 ++++ 3 files changed, 18 insertions(+), 1 deletion(-) Index: nghttp2-1.3.4/src/asio_server_http2_handler.cc =================================================================== --- nghttp2-1.3.4.orig/src/asio_server_http2_handler.cc +++ nghttp2-1.3.4/src/asio_server_http2_handler.cc @@ -105,6 +105,13 @@ int on_header_callback(nghttp2_session * } // fall through default: + if (req.header_buffer_size() + namelen + valuelen > 64_k) { + nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, frame->hd.stream_id, + NGHTTP2_INTERNAL_ERROR); + break; + } + req.update_header_buffer_size(namelen + valuelen); + req.header().emplace(std::string(name, name + namelen), header_value{std::string(value, value + valuelen), (flags & NGHTTP2_NV_FLAG_NO_INDEX) != 0}); Index: nghttp2-1.3.4/src/asio_server_request_impl.cc =================================================================== --- nghttp2-1.3.4.orig/src/asio_server_request_impl.cc +++ nghttp2-1.3.4/src/asio_server_request_impl.cc @@ -28,7 +28,7 @@ namespace nghttp2 { namespace asio_http2 { namespace server { -request_impl::request_impl() : strm_(nullptr) {} +request_impl::request_impl() : strm_(nullptr), header_buffer_size_(0) {} const header_map &request_impl::header() const { return header_; } @@ -54,6 +54,12 @@ void request_impl::call_on_data(const ui } } +size_t request_impl::header_buffer_size() const { return header_buffer_size_; } + +void request_impl::update_header_buffer_size(size_t len) { + header_buffer_size_ += len; +} + } // namespace server } // namespace asio_http2 } // namespace nghttp2 Index: nghttp2-1.3.4/src/asio_server_request_impl.h =================================================================== --- nghttp2-1.3.4.orig/src/asio_server_request_impl.h +++ nghttp2-1.3.4/src/asio_server_request_impl.h @@ -48,12 +48,16 @@ public: const uri_ref &uri() const; uri_ref &uri(); + size_t header_buffer_size_; void on_data(data_cb cb); void stream(class stream *s); void call_on_data(const uint8_t *data, std::size_t len); + size_t header_buffer_size() const; + void update_header_buffer_size(size_t len); + private: class stream *strm_; header_map header_;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor