Skip to content

N
nghttp2
Commit 1fee4fd2 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa
Browse files
Options

nghttp2_hd: Fail inflate immediately if ctx.bad is nonzero 

Doing inflation after error produces invalid results, especially, if
it is in NGHTTP2_HD_STATE_READ_INDEX, the inflater->left could be 0,
which causes assertion error.  Add sanity assertion for index
parent 18357512
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 0 deletions
lib/nghttp2_hd.c
View file @ 1fee4fd2
...@@ -1390,6 +1390,10 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater, ...@@ -1390,6 +1390,10 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater,
uint8_t *last = in + inlen; uint8_t *last = in + inlen;
int rfin = 0; int rfin = 0;
if(inflater->ctx.bad) {
return NGHTTP2_ERR_HEADER_COMP;
}
DEBUGF(fprintf(stderr, "nghtp2_hd_infalte_hd start state=%d\n", DEBUGF(fprintf(stderr, "nghtp2_hd_infalte_hd start state=%d\n",
inflater->state)); inflater->state));
hd_inflate_keep_free(inflater); hd_inflate_keep_free(inflater);
...@@ -1487,6 +1491,7 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater, ...@@ -1487,6 +1491,7 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater,
} }
} else { } else {
inflater->index = inflater->left; inflater->index = inflater->left;
assert(inflater->index > 0);
--inflater->index; --inflater->index;
inflater->ent_name = nghttp2_hd_table_get(&inflater->ctx, inflater->ent_name = nghttp2_hd_table_get(&inflater->ctx,
inflater->index); inflater->index);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment