Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 7703:da5e3f5b1673
HTTP/2: rejecting invalid stream identifiers with PROTOCOL_ERROR.
Prodded by Xu Yang.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 02 Sep 2020 23:13:36 +0300 |
parents | d57f15922ca3 |
children | 097f578a4a8f |
comparison
equal
deleted
inserted
replaced
7702:7015f26aef90 | 7703:da5e3f5b1673 |
---|---|
951 } | 951 } |
952 | 952 |
953 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | 953 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, |
954 "http2 DATA frame"); | 954 "http2 DATA frame"); |
955 | 955 |
956 if (h2c->state.sid == 0) { | |
957 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
958 "client sent DATA frame with incorrect identifier"); | |
959 | |
960 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
961 } | |
962 | |
956 if (size > h2c->recv_window) { | 963 if (size > h2c->recv_window) { |
957 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | 964 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, |
958 "client violated connection flow control: " | 965 "client violated connection flow control: " |
959 "received DATA frame length %uz, available window %uz", | 966 "received DATA frame length %uz, available window %uz", |
960 size, h2c->recv_window); | 967 size, h2c->recv_window); |
2093 | 2100 |
2094 static u_char * | 2101 static u_char * |
2095 ngx_http_v2_state_settings(ngx_http_v2_connection_t *h2c, u_char *pos, | 2102 ngx_http_v2_state_settings(ngx_http_v2_connection_t *h2c, u_char *pos, |
2096 u_char *end) | 2103 u_char *end) |
2097 { | 2104 { |
2105 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | |
2106 "http2 SETTINGS frame"); | |
2107 | |
2108 if (h2c->state.sid) { | |
2109 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
2110 "client sent SETTINGS frame with incorrect identifier"); | |
2111 | |
2112 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
2113 } | |
2114 | |
2098 if (h2c->state.flags == NGX_HTTP_V2_ACK_FLAG) { | 2115 if (h2c->state.flags == NGX_HTTP_V2_ACK_FLAG) { |
2099 | 2116 |
2100 if (h2c->state.length != 0) { | 2117 if (h2c->state.length != 0) { |
2101 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | 2118 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, |
2102 "client sent SETTINGS frame with the ACK flag " | 2119 "client sent SETTINGS frame with the ACK flag " |
2115 "client sent SETTINGS frame with incorrect length %uz", | 2132 "client sent SETTINGS frame with incorrect length %uz", |
2116 h2c->state.length); | 2133 h2c->state.length); |
2117 | 2134 |
2118 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); | 2135 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); |
2119 } | 2136 } |
2120 | |
2121 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | |
2122 "http2 SETTINGS frame"); | |
2123 | 2137 |
2124 return ngx_http_v2_state_settings_params(h2c, pos, end); | 2138 return ngx_http_v2_state_settings_params(h2c, pos, end); |
2125 } | 2139 } |
2126 | 2140 |
2127 | 2141 |
2267 } | 2281 } |
2268 | 2282 |
2269 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | 2283 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, |
2270 "http2 PING frame"); | 2284 "http2 PING frame"); |
2271 | 2285 |
2286 if (h2c->state.sid) { | |
2287 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
2288 "client sent PING frame with incorrect identifier"); | |
2289 | |
2290 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
2291 } | |
2292 | |
2272 if (h2c->state.flags & NGX_HTTP_V2_ACK_FLAG) { | 2293 if (h2c->state.flags & NGX_HTTP_V2_ACK_FLAG) { |
2273 return ngx_http_v2_state_skip(h2c, pos, end); | 2294 return ngx_http_v2_state_skip(h2c, pos, end); |
2274 } | 2295 } |
2275 | 2296 |
2276 frame = ngx_http_v2_get_frame(h2c, NGX_HTTP_V2_PING_SIZE, | 2297 frame = ngx_http_v2_get_frame(h2c, NGX_HTTP_V2_PING_SIZE, |
2306 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); | 2327 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); |
2307 } | 2328 } |
2308 | 2329 |
2309 if (end - pos < NGX_HTTP_V2_GOAWAY_SIZE) { | 2330 if (end - pos < NGX_HTTP_V2_GOAWAY_SIZE) { |
2310 return ngx_http_v2_state_save(h2c, pos, end, ngx_http_v2_state_goaway); | 2331 return ngx_http_v2_state_save(h2c, pos, end, ngx_http_v2_state_goaway); |
2332 } | |
2333 | |
2334 if (h2c->state.sid) { | |
2335 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
2336 "client sent GOAWAY frame with incorrect identifier"); | |
2337 | |
2338 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); | |
2311 } | 2339 } |
2312 | 2340 |
2313 #if (NGX_DEBUG) | 2341 #if (NGX_DEBUG) |
2314 h2c->state.length -= NGX_HTTP_V2_GOAWAY_SIZE; | 2342 h2c->state.length -= NGX_HTTP_V2_GOAWAY_SIZE; |
2315 | 2343 |