Check max SETTINGS_HEADER_TABLE_SIZE in nghttp2_iv_check()

Hide NGHTTP2_MAX_HEADER_TABLE_SIZE from public API. Now it is defined as ((1u << 31) - 1) in nghttp2_frame.h, which is sufficiently big enough.

Check max SETTINGS_HEADER_TABLE_SIZE in nghttp2_iv_check()
Hide NGHTTP2_MAX_HEADER_TABLE_SIZE from public API. Now it is defined as ((1u << 31) - 1) in nghttp2_frame.h, which is sufficiently big enough.
bc6d9523 · Tatsuhiro Tsujikawa · f85c5928 · bc6d9523 · bc6d9523 · bc6d9523
Commit bc6d9523 authored May 12, 2014 by Tatsuhiro Tsujikawa
5 changed files
--- a/lib/includes/nghttp2/nghttp2.h
+++ b/lib/includes/nghttp2/nghttp2.h
@@ -152,13 +152,6 @@ typedef struct {
 */
 #define NGHTTP2_INITIAL_CONNECTION_WINDOW_SIZE ((1 << 16) - 1)

-/**
- * @macro
- *
- * The maximum header table size.
- */
-#define NGHTTP2_MAX_HEADER_TABLE_SIZE (1 << 28)
-
 /**
 * @macro
 *

--- a/lib/nghttp2_frame.c
+++ b/lib/nghttp2_frame.c
@@ -1008,6 +1008,10 @@ int nghttp2_iv_check(const nghttp2_settings_entry *iv, size_t niv)
  for(i = 0; i < niv; ++i) {
    switch(iv[i].settings_id) {
    case NGHTTP2_SETTINGS_HEADER_TABLE_SIZE:
+      if(iv[i].value > NGHTTP2_MAX_HEADER_TABLE_SIZE) {
+        return 0;
+      }
+      break;
    case NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS:
      break;
    case NGHTTP2_SETTINGS_ENABLE_PUSH:

--- a/lib/nghttp2_frame.h
+++ b/lib/nghttp2_frame.h
@@ -57,6 +57,9 @@
 /* The number of bytes for each SETTINGS entry */
 #define NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH 5

+/* The maximum header table size in SETTINGS_HEADER_TABLE_SIZE */
+#define NGHTTP2_MAX_HEADER_TABLE_SIZE ((1u << 31) - 1)
+
 /* Category of frames. */
 typedef enum {
  /* non-DATA frame */

--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -3265,7 +3265,8 @@ static int session_update_local_initial_window_size

 /*
 * Apply SETTINGS values |iv| having |niv| elements to the local
- * settings.
+ * settings.  We assumes that all values in |iv| is correct, since we
+ * validated them in nghttp2_session_add_settings() already.
 *
 * This function returns 0 if it succeeds, or one of the following
 * negative error codes:
@@ -3297,10 +3298,6 @@ int nghttp2_session_update_local_settings(nghttp2_session *session,
    }
  }
  if(header_table_size_seen) {
-    if(header_table_size < 0 ||
-       header_table_size > NGHTTP2_MAX_HEADER_TABLE_SIZE) {
-      return NGHTTP2_ERR_HEADER_COMP;
-    }
    rv = nghttp2_hd_inflate_change_table_size(&session->hd_inflater,
                                              header_table_size);
    if(rv != 0) {

--- a/tests/nghttp2_frame_test.c
+++ b/tests/nghttp2_frame_test.c
@@ -647,4 +647,9 @@ void test_nghttp2_iv_check(void)
  iv[1].settings_id = 1000000009;
  iv[1].value = 0;
  CU_ASSERT(!nghttp2_iv_check(iv, 2));
+
+  /* Too large SETTINGS_HEADER_TABLE_SIZE */
+  iv[1].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
+  iv[1].value = UINT32_MAX;
+  CU_ASSERT(!nghttp2_iv_check(iv, 2));
 }