Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 7703:da5e3f5b1673
HTTP/2: rejecting invalid stream identifiers with PROTOCOL_ERROR.
Prodded by Xu Yang.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 02 Sep 2020 23:13:36 +0300 |
| parents | d57f15922ca3 |
| children | 097f578a4a8f |
comparison
equal
deleted
inserted
replaced
| 7702:7015f26aef90 | 7703:da5e3f5b1673 |
|---|---|
| 951 } | 951 } |
| 952 | 952 |
| 953 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | 953 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, |
| 954 "http2 DATA frame"); | 954 "http2 DATA frame"); |
| 955 | 955 |
| 956 if (h2c->state.sid == 0) { | |
| 957 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
| 958 "client sent DATA frame with incorrect identifier"); | |
| 959 | |
| 960 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
| 961 } | |
| 962 | |
| 956 if (size > h2c->recv_window) { | 963 if (size > h2c->recv_window) { |
| 957 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | 964 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, |
| 958 "client violated connection flow control: " | 965 "client violated connection flow control: " |
| 959 "received DATA frame length %uz, available window %uz", | 966 "received DATA frame length %uz, available window %uz", |
| 960 size, h2c->recv_window); | 967 size, h2c->recv_window); |
| 2093 | 2100 |
| 2094 static u_char * | 2101 static u_char * |
| 2095 ngx_http_v2_state_settings(ngx_http_v2_connection_t *h2c, u_char *pos, | 2102 ngx_http_v2_state_settings(ngx_http_v2_connection_t *h2c, u_char *pos, |
| 2096 u_char *end) | 2103 u_char *end) |
| 2097 { | 2104 { |
| 2105 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | |
| 2106 "http2 SETTINGS frame"); | |
| 2107 | |
| 2108 if (h2c->state.sid) { | |
| 2109 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
| 2110 "client sent SETTINGS frame with incorrect identifier"); | |
| 2111 | |
| 2112 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
| 2113 } | |
| 2114 | |
| 2098 if (h2c->state.flags == NGX_HTTP_V2_ACK_FLAG) { | 2115 if (h2c->state.flags == NGX_HTTP_V2_ACK_FLAG) { |
| 2099 | 2116 |
| 2100 if (h2c->state.length != 0) { | 2117 if (h2c->state.length != 0) { |
| 2101 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | 2118 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, |
| 2102 "client sent SETTINGS frame with the ACK flag " | 2119 "client sent SETTINGS frame with the ACK flag " |
| 2115 "client sent SETTINGS frame with incorrect length %uz", | 2132 "client sent SETTINGS frame with incorrect length %uz", |
| 2116 h2c->state.length); | 2133 h2c->state.length); |
| 2117 | 2134 |
| 2118 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); | 2135 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); |
| 2119 } | 2136 } |
| 2120 | |
| 2121 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | |
| 2122 "http2 SETTINGS frame"); | |
| 2123 | 2137 |
| 2124 return ngx_http_v2_state_settings_params(h2c, pos, end); | 2138 return ngx_http_v2_state_settings_params(h2c, pos, end); |
| 2125 } | 2139 } |
| 2126 | 2140 |
| 2127 | 2141 |
| 2267 } | 2281 } |
| 2268 | 2282 |
| 2269 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | 2283 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, |
| 2270 "http2 PING frame"); | 2284 "http2 PING frame"); |
| 2271 | 2285 |
| 2286 if (h2c->state.sid) { | |
| 2287 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
| 2288 "client sent PING frame with incorrect identifier"); | |
| 2289 | |
| 2290 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
| 2291 } | |
| 2292 | |
| 2272 if (h2c->state.flags & NGX_HTTP_V2_ACK_FLAG) { | 2293 if (h2c->state.flags & NGX_HTTP_V2_ACK_FLAG) { |
| 2273 return ngx_http_v2_state_skip(h2c, pos, end); | 2294 return ngx_http_v2_state_skip(h2c, pos, end); |
| 2274 } | 2295 } |
| 2275 | 2296 |
| 2276 frame = ngx_http_v2_get_frame(h2c, NGX_HTTP_V2_PING_SIZE, | 2297 frame = ngx_http_v2_get_frame(h2c, NGX_HTTP_V2_PING_SIZE, |
| 2306 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); | 2327 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); |
| 2307 } | 2328 } |
| 2308 | 2329 |
| 2309 if (end - pos < NGX_HTTP_V2_GOAWAY_SIZE) { | 2330 if (end - pos < NGX_HTTP_V2_GOAWAY_SIZE) { |
| 2310 return ngx_http_v2_state_save(h2c, pos, end, ngx_http_v2_state_goaway); | 2331 return ngx_http_v2_state_save(h2c, pos, end, ngx_http_v2_state_goaway); |
| 2332 } | |
| 2333 | |
| 2334 if (h2c->state.sid) { | |
| 2335 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
| 2336 "client sent GOAWAY frame with incorrect identifier"); | |
| 2337 | |
| 2338 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
| 2311 } | 2339 } |
| 2312 | 2340 |
| 2313 #if (NGX_DEBUG) | 2341 #if (NGX_DEBUG) |
| 2314 h2c->state.length -= NGX_HTTP_V2_GOAWAY_SIZE; | 2342 h2c->state.length -= NGX_HTTP_V2_GOAWAY_SIZE; |
| 2315 | 2343 |